RHEL 7 : swiftonfile (RHSA-2015:1846)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

A flaw exists in Red Hat Gluster Storage's OpenStack Object Storage
(swiftonfile) due to improper enforcement of metadata constraints. An
authenticated, remote attacker can exploit this, via added metadata in
several separate calls, to bypass the max_meta_count restraint and
store more metadata than allowed by the configuration, resulting in a
denial of service condition.

See also :

http://rhn.redhat.com/errata/RHSA-2015-1846.html
https://www.redhat.com/security/data/cve/CVE-2014-8177.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 4.0
(CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P)
CVSS Temporal Score : 3.0
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Red Hat Local Security Checks

Nessus Plugin ID: 86844 ()

Bugtraq ID: 76979

CVE ID: CVE-2014-8177

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now