CVE-2014-3619
A denial of service flaw was found in the way the __socket_proto_state_machine() function of glusterfs processed certain fragment headers. A remote attacker could send a specially crafted fragment header that, when processed, would cause the glusterfs process to enter an infinite loop.
Find out more about CVE-2014-3619 from the MITRE CVE dictionary dictionary and NIST NVD.
Statement
Red Hat Storage 2.1 receives only qualified Important and Critical impact security fixes. This issue has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Support Matrix:
CVSS v2 metrics
| Base Score | 5 |
|---|---|
| Base Metrics | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| Access Vector | Network |
| Access Complexity | Low |
| Authentication | None |
| Confidentiality Impact | None |
| Integrity Impact | None |
| Availability Impact | Partial |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Red Hat Security Errata
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Common for Red Hat Enterprise Linux 7 (glusterfs) | RHBA-2015:0040 | 2015-01-15 |
| Red Hat Storage Server 3 (glusterfs) | RHBA-2015:0038 | 2015-01-15 |
| Red Hat Gluster Storage Nagios 3.1 on RHEL-6 (gluster-nagios-common) | RHBA-2015:0038 | 2015-01-15 |
| Red Hat Storage Native Client for Red Hat Enterprise Linux 6 (glusterfs) | RHBA-2015:0038 | 2015-01-15 |
| Red Hat Storage Native Client for Red Hat Enterprise Linux 5 (glusterfs) | RHBA-2015:0038 | 2015-01-15 |
Affected Packages State
| Platform | Package | State |
|---|---|---|
| Red Hat Gluster Storage 3.0 | glusterfs | Will not fix |
| Red Hat Gluster Storage 2.1 | glusterfs | Will not fix |
| Red Hat Enterprise Linux 7 | glusterfs | Will not fix |
| Red Hat Enterprise Linux 6 | glusterfs | Will not fix |
| Red Hat Enterprise Linux 5 | glusterfs | Will not fix |