First published: Tue Sep 25 2018
It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated attacker could use one of these flaws to execute arbitrary code, create arbitrary files, or cause denial of service on glusterfs server nodes via symlinks to relative paths.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Debian Debian Linux | =8.0 | |
Redhat Enterprise Linux | =6.0 | |
Redhat Enterprise Linux | =7.0 | |
Gluster GlusterFS | >=3.12, <=3.12.14 | |
Gluster GlusterFS | >=4.1, <=4.1.4 | |
CVE-2018-14651 is a vulnerability that allows a remote, authenticated attacker to execute arbitrary code, create arbitrary files, or cause denial of service on glusterfs server nodes.
This vulnerability affects systems running Gluster GlusterFS versions 3.12 to 3.12.14 and versions 4.1 to 4.1.4.
CVE-2018-14651 has a severity rating of 8.8, which is classified as high.
To fix CVE-2018-14651, update to a version of Gluster GlusterFS that is not affected by the vulnerability.
More information about CVE-2018-14651 and related vulnerabilities is available at the following links: [CVE-2018-10927](https://access.redhat.com/security/cve/CVE-2018-10927), [CVE-2018-10928](https://access.redhat.com/security/cve/CVE-2018-10928), [CVE-2018-10929](https://access.redhat.com/security/cve/CVE-2018-10929).