CVE-2018-10927: Input Validation
First published: Mon Aug 06 2018(Updated: )
A flaw was found in RPC request using gfs3_lookup_req in glusterfs server. An authenticated attacker could use this flaw to leak information and execute remote denial of service by crashing gluster brick process.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Debian Debian Linux | =8.0 | |
| Debian Debian Linux | =9.0 | |
| Redhat Enterprise Linux Server | =6.0 | |
| Redhat Enterprise Linux Server | =7.0 | |
| Gluster GlusterFS | >=3.12<3.12.14 | |
| Gluster GlusterFS | >=4.1<4.1.8 | |
| Redhat Virtualization Host | =4.0 | |
| openSUSE Leap | =15.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html
- https://access.redhat.com/errata/RHSA-2018:2607
- https://access.redhat.com/errata/RHSA-2018:2608
- https://access.redhat.com/errata/RHSA-2018:3470
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10927
- https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html
- https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html
- https://security.gentoo.org/glsa/201904-06
- https://access.redhat.com/security/updates/classification/
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1625067
- https://review.gluster.org/21068
- https://bugzilla.redhat.com/show_bug.cgi?id=1612658
Frequently Asked Questions
What is the vulnerability ID for this flaw?
The vulnerability ID for this flaw is CVE-2018-10927.
What is the severity of CVE-2018-10927?
The severity of CVE-2018-10927 is high with a CVSS score of 8.1.
How does this vulnerability affect the glusterfs server?
This vulnerability affects the glusterfs server and can be exploited by an authenticated attacker to leak information and execute remote denial of service by crashing the gluster brick process.
Which software versions are affected by this vulnerability?
The software versions affected by this vulnerability are glusterfs versions up to exclusive 3.12.14 and 4.1.4, Redhat Enterprise Linux Server versions 6.0 and 7.0, Debian Debian Linux versions 8.0 and 9.0, Redhat Virtualization Host version 4.0, and openSUSE Leap version 15.1.
Are there any remedies available to fix this vulnerability?
Yes, there are remedies available to fix this vulnerability, which can be found in the references provided.
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/nvd-index
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2018-10927
- agent/software-canonical-lookup
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/8.0
- version/debian debian linux/9.0
- vendor/redhat
- canonical/redhat enterprise linux server
- version/redhat enterprise linux server/6.0
- version/redhat enterprise linux server/7.0
- vendor/gluster
- canonical/gluster glusterfs
- version/gluster glusterfs/3.12
- version/gluster glusterfs/4.1
- canonical/redhat virtualization host
- version/redhat virtualization host/4.0
- vendor/opensuse
- canonical/opensuse leap
- version/opensuse leap/15.1
- package-manager/redhat