2018-10-31 19:00:00
redhat
PUBLISHED
The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the GF_XATTR_IOSTATS_DUMP_KEY xattr. A remote, authenticated attacker could exploit this by mounting a Gluster volume and repeatedly calling setxattr(2) to trigger a state dump and create an arbitrary number of files in the servers runtime directory.