Gluster: >> Glusterfs Security Vulnerabilities
The __socket_proto_state_machine function in GlusterFS 3.5 allows remote attackers to cause a denial of service (infinite loop) via a "00000000" fragment header.
CVSS Score
5.0
EPSS Score
0.011
Published
2015-03-27
The GlusterFS functionality in Red Hat Storage Management Console 2.0, Native Client, and Server 2.0 allows local users to overwrite arbitrary files via a symlink attack on multiple temporary files created by (1) tests/volume.rc, (2) extras/hook-scripts/S30samba-stop.sh, and possibly other vectors, different vulnerabilities than CVE-2012-4417.
CVSS Score
2.1
EPSS Score
0.001
Published
2013-04-09
GlusterFS 3.3.0, as used in Red Hat Storage server 2.0, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.
CVSS Score
3.6
EPSS Score
0.002
Published
2012-11-18
Page 3