It was found that glusterfs server is vulnerable to multiple stack based buffer overflows due to functions in server-rpc-fopc.c allocating fixed size buffers using 'alloca(3)'. An authenticated attacker could exploit this by mounting a gluster volume and sending a string longer that the fixed buffer size to cause crash or potential code execution.
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
The product writes data past the end, or before the beginning, of the intended buffer.
| Link | Tags |
|---|---|
| https://review.gluster.org/#/c/glusterfs/+/21070/ | patch vendor advisory |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10907 | mitigation third party advisory issue tracking |
| https://access.redhat.com/errata/RHSA-2018:2607 | third party advisory vendor advisory |
| https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html | third party advisory mailing list |
| https://access.redhat.com/errata/RHSA-2018:2608 | third party advisory vendor advisory |
| https://access.redhat.com/errata/RHSA-2018:3470 | third party advisory vendor advisory |
| https://security.gentoo.org/glsa/201904-06 | third party advisory vendor advisory |
| http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html | vendor advisory mailing list third party advisory |
| https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html | third party advisory mailing list |