vulnerability

SUSE: CVE-2018-10904: SUSE Linux Security Advisory

Severity
7
CVSS
(AV:N/AC:L/Au:S/C:P/I:P/A:P)
Published
Sep 4, 2018
Added
Jan 21, 2020
Modified
Oct 22, 2021

Description

It was found that glusterfs server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute which is used by the "debug/io-stats" translator. Attacker can use this flaw to create files and execute arbitrary code. To exploit this attacker would require sufficient access to modify the extended attributes of files on a gluster volume.

Solution(s)

suse-upgrade-glusterfssuse-upgrade-glusterfs-develsuse-upgrade-libgfapi0suse-upgrade-libgfchangelog0suse-upgrade-libgfdb0suse-upgrade-libgfrpc0suse-upgrade-libgfxdr0suse-upgrade-libglusterfs0suse-upgrade-python-gluster
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.