Arch Linux update for ceph
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2020-10753 CVE-2020-1759 CVE-2020-1760 CVE-2020-25660 |
| CWE-ID | CWE-74 CWE-330 CWE-79 CWE-288 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Arch Linux Operating systems & Components / Operating system |
| Vendor | Arch Linux |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Improper Neutralization of Special Elements in Output Used by a Downstream Component
EUVDB-ID: #VU48628
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-10753
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to manipulate data.
A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. Ceph versions 3.x and 4.x are vulnerable to this issue.
MitigationUpdate the affected package ceph to version 15.2.6-1.
Vulnerable software versionsArch Linux: All versions
External linkshttp://security.archlinux.org/advisory/ASA-202011-22
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Use of insufficiently random values
EUVDB-ID: #VU31809
Risk: Medium
CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-1759
CWE-ID:
CWE-330 - Use of Insufficiently Random Values
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where, A nonce reuse vulnerability was discovered in the secure mode of the messenger v2 protocol, which can allow an attacker to forge auth tags and potentially manipulate the data by leveraging the reuse of a nonce in a session. Messages encrypted using a reused nonce value are susceptible to serious confidentiality and integrity attacks.
MitigationUpdate the affected package ceph to version 15.2.6-1.
Vulnerable software versionsArch Linux: All versions
External linkshttp://security.archlinux.org/advisory/ASA-202011-22
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Stored cross-site scripting
EUVDB-ID: #VU31882
Risk: Medium
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-1760
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3. A remote attacker can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationUpdate the affected package ceph to version 15.2.6-1.
Vulnerable software versionsArch Linux: All versions
External linkshttp://security.archlinux.org/advisory/ASA-202011-22
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Authentication bypass using an alternate path or channel
EUVDB-ID: #VU48684
Risk: Medium
CVSSv3.1: 4.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-25660
CWE-ID:
CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists with in the implementation of the Cephx authentication protocol. A remote attacker with access to the Ceph cluster network can intercept authentication packets and perform replay attacks in Nautilus.
The vulnerability affects msgr2 protocol only and is basically a reintroduction of previously patched vulnerability #VU14542.
Update the affected package ceph to version 15.2.6-1.
Vulnerable software versionsArch Linux: All versions
External linkshttp://security.archlinux.org/advisory/ASA-202011-22
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
