CVE-2018-10929

NameCVE-2018-10929
DescriptionA flaw was found in RPC request using gfs2_create_req in glusterfs server. An authenticated attacker could use this flaw to create arbitrary files and execute arbitrary code on glusterfs server nodes.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-1510-1
NVD severitymedium (attack range: remote)
Debian Bugs909215

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
glusterfs (PTS)jessie3.5.2-2+deb8u3vulnerable
jessie (security)3.5.2-2+deb8u5fixed
stretch3.8.8-1vulnerable
buster, sid5.3-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
glusterfssource(unstable)4.1.4-1medium909215
glusterfssourcejessie3.5.2-2+deb8u4mediumDLA-1510-1

Notes

https://bugzilla.redhat.com/show_bug.cgi?id=1612660
https://github.com/gluster/glusterfs/commit/9ae986f18c0f251cba6bbc23eae2150a8ce0417e
When fixing this issue make sure to be complete an not open CVE-2018-14651
Search for package or bug name: Reporting problems