CVE-2014-3619
https://notcve.org/view.php?id=CVE-2014-3619
The __socket_proto_state_machine function in GlusterFS 3.5 allows remote attackers to cause a denial of service (infinite loop) via a "00000000" fragment header. La función __socket_proto_state_machine en GlusterFS 3.5 permite a atacantes remotos causar una denegación de servicio (bucle infinito) a través de una cabecera de fragmento '00000000'. • http://advisories.mageia.org/MGASA-2015-0145.html http://lists.opensuse.org/opensuse-updates/2015-03/msg00031.html http://lists.opensuse.org/opensuse-updates/2015-03/msg00056.html http://review.gluster.org/#/c/8662/4 http://www.mandriva.com/security/advisories?name=MDVSA-2015:211 https://bugzilla.redhat.com/show_bug.cgi?id=1138145 • CWE-399: Resource Management Errors •
CVE-2012-5635 – GlusterFS: insecure temporary file creation
https://notcve.org/view.php?id=CVE-2012-5635
The GlusterFS functionality in Red Hat Storage Management Console 2.0, Native Client, and Server 2.0 allows local users to overwrite arbitrary files via a symlink attack on multiple temporary files created by (1) tests/volume.rc, (2) extras/hook-scripts/S30samba-stop.sh, and possibly other vectors, different vulnerabilities than CVE-2012-4417. La funcionalidad GlusterFS en Red Hat Storage Management Console v2.0, Native Client, Server 2.0 permite a usuarios locales sobreescribir archivos arbitrarios mediante un ataque de enlaces simbólicos en varios archivos temporales creados por (1) tests/volume.rc, (2) extras/hook- scripts/S30samba-stop.sh, y posiblemente otros vectores, la vulnerabilidad diferente a CVE-2012-4417. Multiple insecure temporary file creation flaws were found in Red Hat Storage. A local user on the Red Hat Storage server could use these flaws to cause arbitrary files to be overwritten as the root user via a symbolic link attack. • http://rhn.redhat.com/errata/RHSA-2013-0691.html https://bugzilla.redhat.com/show_bug.cgi?id=886364 https://access.redhat.com/security/cve/CVE-2012-5635 • CWE-264: Permissions, Privileges, and Access Controls CWE-377: Insecure Temporary File •
CVE-2012-4417 – GlusterFS: insecure temporary file creation
https://notcve.org/view.php?id=CVE-2012-4417
GlusterFS 3.3.0, as used in Red Hat Storage server 2.0, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names. GlusterFS v3.3.0, como se usa en Red Hat Storage v2.0, permite a usuarios locales sobreescribir archivos arbitrarios mediante un ataque de enlaces simbólicos en los archivos temporales con nombres predecibles. • http://rhn.redhat.com/errata/RHSA-2012-1456.html http://www.securityfocus.com/bid/56522 http://www.securitytracker.com/id?1027756 https://bugzilla.redhat.com/show_bug.cgi?id=856341 https://exchange.xforce.ibmcloud.com/vulnerabilities/80074 https://access.redhat.com/security/cve/CVE-2012-4417 • CWE-264: Permissions, Privileges, and Access Controls CWE-377: Insecure Temporary File •