CVE-2018-10861 – ceph: ceph-mon does not perform authorization on OSD pool ops
https://notcve.org/view.php?id=CVE-2018-10861
A flaw was found in the way ceph mon handles user requests. Any authenticated Ceph user with read access to Ceph can delete or create Ceph storage pools and corrupt snapshot images. Ceph branches master, mimic, luminous and jewel are believed to be affected.
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html
http://tracker.ceph.com/issues/24838
http://www.securityfocus.com/bid/104742
https://access.redhat.com/errata/RHSA-2018:2177
https://access.redhat.com/errata/RHSA-2018:2179
https://access.redhat.com/errata/RHSA-2018:2261
https://access.redhat.com/errata/RHSA-2018:2274
https://bugzilla.redhat.com/show_bug.cgi?id=1593308
https://github.com/ceph/ceph/commit/975528f632f73fbffa3f1fee304e3bbe3296cffc
https://www.deb
CWE-285: Improper Authorization
CWE-287: Improper Authentication
CVE-2018-1129 – ceph: cephx uses weak signatures
https://notcve.org/view.php?id=CVE-2018-1129
A flaw was found in the way signature calculation was handled by the cephx authentication protocol. An attacker with access to the Ceph cluster network who is able to alter the message payload was able to bypass the signature checks done by the cephx protocol. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html
http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html
http://tracker.ceph.com/issues/24837
https://access.redhat.com/errata/RHSA-2018:2177
https://access.redhat.com/errata/RHSA-2018:2179
https://access.redhat.com/errata/RHSA-2018:2261
https://access.redhat.com/errata/RHSA-2018:2274
https://bugzilla.redhat.com/show_bug.cgi?id=1576057
https://github.com/ceph/ceph/com
CWE-284: Improper Access Control
CWE-287: Improper Authentication
CVE-2017-12155 – openstack-tripleo-heat-templates: Ceph client keyring is world-readable when deployed by director
https://notcve.org/view.php?id=CVE-2017-12155
A resource-permission flaw was found in the openstack-tripleo-heat-templates package where ceph.client.openstack.keyring is created as world-readable. A local attacker with access to the key could read or modify data on Ceph cluster pools for OpenStack as though the attacker were the OpenStack service, thus potentially reading or modifying data in an OpenStack Block Storage volume.
https://access.redhat.com/errata/RHSA-2018:0602
https://access.redhat.com/errata/RHSA-2018:1593
https://access.redhat.com/errata/RHSA-2018:1627
https://bugs.launchpad.net/tripleo/+bug/1720787
https://bugzilla.redhat.com/show_bug.cgi?id=1489360
https://access.redhat.com/security/cve/CVE-2017-12155
CWE-306: Missing Authentication for Critical Function
CWE-732: Incorrect Permission Assignment for Critical Resource
CVE-2016-7031 – ceph: RGW permits bucket listing when authenticated_users=read
https://notcve.org/view.php?id=CVE-2016-7031
The RGW code in Ceph before 10.0.1, when the authenticated-read ACL is applied to a bucket, allows remote attackers to list the bucket contents via a URL. A flaw was found in the Ceph RGW code which allows an anonymous user to list the contents of an RGW bucket by bypassing an ACL which should only allow authenticated users to list the contents of the bucket.
http://docs.ceph.com/docs/master/release-notes/#v10-0-1
http://rhn.redhat.com/errata/RHSA-2016-1972.html
http://rhn.redhat.com/errata/RHSA-2016-1973.html
http://tracker.ceph.com/issues/13207
http://www.securityfocus.com/bid/93240
https://github.com/ceph/ceph/pull/6057
https://access.redhat.com/security/cve/CVE-2016-7031
https://bugzilla.redhat.com/show_bug.cgi?id=1372446
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE-254: 7PK - Security Features
CVE-2015-3010 – ceph-deploy: keyring permissions are world readable in ~ceph
https://notcve.org/view.php?id=CVE-2015-3010
ceph-deploy before 1.5.23 uses weak permissions (644) for ceph/ceph.client.admin.keyring, which allows local users to obtain sensitive information by reading the file. It was discovered that ceph-deploy, a utility for deploying Red Hat Ceph Storage, would create the keyring file with world-readable permissions, which could possibly allow a local user to obtain authentication credentials from the keyring file.
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155576.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155631.html
http://rhn.redhat.com/errata/RHSA-2015-1092.html
http://www.openwall.com/lists/oss-security/2015/04/09/11
http://www.openwall.com/lists/oss-security/2015/04/09/9
http://www.securityfocus.com/bid/74043
https://bugzilla.suse.com/show_bug.cgi?id=920926
https://github.com/ceph/ceph-deploy/commit/eee56770393bf19ed2dd5389226c6190c08d
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE-732: Incorrect Permission Assignment for Critical Resource