CVE-2018-1129 – ceph: cephx uses weak signatures
https://notcve.org/view.php?id=CVE-2018-1129
A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable. Se ha encontrado un error en la forma en la que el cálculo de firmas es gestionado por el protocolo de autenticación cephx. Un atacante que tenga acceso a la red de clústers ceph y que pueda alterar la carga útil de los mensajes podría omitir las comprobaciones de firma realizadas por el protocolo cephx. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html http://tracker.ceph.com/issues/24837 https://access.redhat.com/errata/RHSA-2018:2177 https://access.redhat.com/errata/RHSA-2018:2179 https://access.redhat.com/errata/RHSA-2018:2261 https://access.redhat.com/errata/RHSA-2018:2274 https://bugzilla.redhat.com/show_bug.cgi?id=1576057 https://github.com/ceph/ceph/com • CWE-284: Improper Access Control CWE-287: Improper Authentication •
CVE-2018-1128 – ceph: cephx protocol is vulnerable to replay attack
https://notcve.org/view.php?id=CVE-2018-1128
It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable. Se ha descubierto que el protocolo de autenticación cephx no verificaba correctamente los clientes ceph y era vulnerable a ataques de reproducción. Cualquier atacante que tenga acceso a la red de clústers de ceph y que pueda rastrear paquetes en la red puede emplear esta vulnerabilidad para autenticarse con el servicio ceph y realizar acciones permitidas por el servicio ceph. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html http://tracker.ceph.com/issues/24836 http://www.openwall.com/lists/oss-security/2020/11/17/3 http://www.openwall.com/lists/oss-security/2020/11/17/4 https://access.redhat.com/errata/RHSA-2018:2177 https://access.redhat.com/errata/RHSA-2018:2179 https://access.redhat.com/errata/RHSA-2018:2261 https://access.redhat.com/errata/RHSA-2018:2274 https://bugzilla.redhat.com/show_bug.cgi?id=1575866& • CWE-287: Improper Authentication CWE-294: Authentication Bypass by Capture-replay •
CVE-2018-7262 – ceph: Unauthenticated malformed HTTP requests handled by rgw_civetweb.cc:RGW::init_env() can lead to denial of service
https://notcve.org/view.php?id=CVE-2018-7262
In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function in radosgw doesn't handle malformed HTTP headers properly, allowing for denial of service. En Ceph, en versiones anteriores a la 12.2.3 y versiones 13.x hasta la 13.0.1, la función RGWCivetWeb::init_env en rgw_civetweb.cc en radosgw no gestiona las cabeceras HTTP mal formadas adecuadamente, lo que permite una denegación de servicio (DoS). A NULL pointer dereference flaw was found in RADOS Gateway HTTP request handling when using the Civetweb native webserver. An unauthenticated attacker could crash RADOS Gateway server by sending malicious HTTP requests. • http://tracker.ceph.com/issues/23039 https://access.redhat.com/errata/RHSA-2018:0546 https://access.redhat.com/errata/RHSA-2018:0548 https://bugzilla.redhat.com/show_bug.cgi?id=1546611 https://github.com/ceph/ceph/pull/20488 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/74VI6EPZ6LD2O4JJXJBTYQ4U4VUO2ZDO https://access.redhat.com/security/cve/CVE-2018-7262 https://bugzilla.redhat.com/show_bug.cgi?id=1546610 • CWE-476: NULL Pointer Dereference •
CVE-2017-16818
https://notcve.org/view.php?id=CVE-2017-16818
RADOS Gateway in Ceph 12.1.0 through 12.2.1 allows remote authenticated users to cause a denial of service (assertion failure and application exit) by leveraging "full" (not necessarily admin) privileges to post an invalid profile to the admin API, related to rgw/rgw_iam_policy.cc, rgw/rgw_basic_types.h, and rgw/rgw_iam_types.h. RADOS Gateway en Ceph desde la versión 12.1.0 hasta la 12.2.1 permite que los usuarios autenticados remotos provoquen una denegación de servicio (fallo de aserción y salida de la aplicación) utilizando privilegios "full" (no necesariamente admin) para publicar un perfil no válido en la API admin. Esto está relacionado con rgw/rgw_iam_policy.cc, rgw/rgw_basic_types.h y rgw/rgw_iam_types.h. • https://bugzilla.redhat.com/show_bug.cgi?id=1515872 https://github.com/ceph/ceph/commit/b3118cabb8060a8cc6a01c4e8264cb18e7b1745a https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6VJA32U7HKGDRJQDJVM7JBYWD4T7BJL • CWE-617: Reachable Assertion •
CVE-2016-8626 – Ceph: RGW Denial of Service by sending null or specially crafted POST object requests
https://notcve.org/view.php?id=CVE-2016-8626
A flaw was found in Red Hat Ceph before 0.94.9-8. The way Ceph Object Gateway handles POST object requests permits an authenticated attacker to launch a denial of service attack by sending null or specially crafted POST object requests. Se ha descubierto un problema en versiones anteriores a la 0.94.9-8 de Red Hat Ceph. La forma en la que Ceph Object Gateway gestiona las peticiones de objeto POST permite que un atacante autenticado lance un ataque de denegación de servicio (DoS) enviando peticiones de objeto POST null o especialmente manipuladas. A flaw was found in the way Ceph Object Gateway handles POST object requests. • http://rhn.redhat.com/errata/RHSA-2016-2815.html http://rhn.redhat.com/errata/RHSA-2016-2816.html http://rhn.redhat.com/errata/RHSA-2016-2847.html http://rhn.redhat.com/errata/RHSA-2016-2848.html http://tracker.ceph.com/issues/17635 http://www.securityfocus.com/bid/94488 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8626 https://access.redhat.com/security/cve/CVE-2016-8626 https://bugzilla.redhat.com/show_bug.cgi?id=1389193 • CWE-20: Improper Input Validation CWE-476: NULL Pointer Dereference •