Upstream information

CVE-2018-10914 at MITRE

Description

It was found that an attacker could issue a xattr request via glusterfs FUSE to cause gluster brick process to crash which will result in a remote denial of service. If gluster multiplexing is enabled this will result in a crash of multiple bricks and gluster volumes.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having moderate severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 4
Vector AV:N/AC:L/Au:S/C:N/I:N/A:P
Access Vector Network
Access Complexity Low
Authentication Single
Confidentiality Impact None
Integrity Impact None
Availability Impact Partial
CVSS v3 Scores
  National Vulnerability Database SUSE
Base Score 6.5 5.5
Vector AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Access Vector Network Adjacent Network
Access Complexity Low Low
Privileges Required Low Low
User Interaction None None
Scope Unchanged Unchanged
Confidentiality Impact None Low
Integrity Impact None Low
Availability Impact High Low
SUSE Bugzilla entries: 1105776 [NEW], 1107022 [NEW]

No SUSE Security Announcements cross referenced.