PT-2018-12649 · Red Hat+1 · Gluster+1

Michael Hanselmann +1

Published 2018-10-31 · Updated 2023-02-13

CVE-2018-14659

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

Gluster file system versions 3.1.2 through 4.1.4

Description

The issue allows a remote, authenticated attacker to perform a denial-of-service attack by using the GF_XATTR_IOSTATS_DUMP_KEY xattr key. An attacker who can mount a Gluster volume can repeatedly call setxattr(2) with this key, triggering a state dump on each call and creating an arbitrary number of files in the server's runtime directory.

Recommendations

For versions 3.1.2 through 4.1.4, consider restricting access to the GF_XATTR_IOSTATS_DUMP_KEY xattr to prevent exploitation. As a temporary workaround, consider disabling the setxattr(2) function until a patch is available. Restrict access to the Gluster volume to minimize the risk of exploitation.

Fix

DoS

Resource Exhaustion


Weakness Enumeration

Related identifiers

CVE-2018-14659
DLA-1565-1
DLA-2806-1
RHSA-2018:3431
RHSA-2018:3432
RHSA-2018:3470
USN-4770-1

Affected products

Gluster
Ubuntu