SB2020112704 - Arch Linux update for ceph

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2020112704

SB2020112704 - Arch Linux update for ceph

Published: November 27, 2020

Security Bulletin ID SB2020112704
Severity
Medium
Patch available
YES
Number of vulnerabilities 4
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 4 secuirty vulnerabilities.


1) Improper Neutralization of Special Elements in Output Used by a Downstream Component (CVE-ID: CVE-2020-10753)

The vulnerability allows a remote non-authenticated attacker to manipulate data.

A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. Ceph versions 3.x and 4.x are vulnerable to this issue.


2) Use of insufficiently random values (CVE-ID: CVE-2020-1759)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where, A nonce reuse vulnerability was discovered in the secure mode of the messenger v2 protocol, which can allow an attacker to forge auth tags and potentially manipulate the data by leveraging the reuse of a nonce in a session. Messages encrypted using a reused nonce value are susceptible to serious confidentiality and integrity attacks.


3) Stored cross-site scripting (CVE-ID: CVE-2020-1760)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3. A remote attacker can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.


4) Authentication bypass using an alternate path or channel (CVE-ID: CVE-2020-25660)

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists with in the implementation of the Cephx authentication protocol. A remote attacker with access to the Ceph cluster network can intercept authentication packets and perform  replay attacks in Nautilus.

The vulnerability affects msgr2 protocol only and is basically a reintroduction of previously patched vulnerability #VU14542.


Remediation

Install update from vendor's website.

References