Ubuntu update for ceph



Published: 2021-01-28
Risk: Medium
Patch available: YES
Number of vulnerabilities: 4
CVE-ID: CVE-2018-1128, CVE-2020-10736, CVE-2020-10753, CVE-2020-25660
CWE-ID: CWE-264, CWE-285, CWE-74, CWE-288
Exploitation vector: Network
Public exploit: N/A
Vulnerable software
Ubuntu
Operating systems & Components / Operating system

ceph-common (Ubuntu package)
Operating systems & Components / Operating system package or component

ceph-base (Ubuntu package)
Operating systems & Components / Operating system package or component

ceph (Ubuntu package)
Operating systems & Components / Operating system package or component

Vendor: Canonical Ltd.

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Security restrictions bypass

EUVDB-ID: #VU14542

Risk: Low

CVSSv3.1: 4.4 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-1128

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to conduct a replay attack on the target system.

The vulnerability exists in ceph branches master, mimic, luminous and jewel because the cephx authentication protocol did not verify ceph clients correctly. An adjacent attacker with access to the ceph cluster network who is able to sniff packets on the network can authenticate with the ceph service, perform actions allowed by the ceph service, conduct a replay attack and bypass security restrictions.

Mitigation

Update the affected package ceph to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 20.10

ceph-common (Ubuntu package): before 15.2.7-0ubuntu0.20.10.3

ceph-base (Ubuntu package): before 15.2.7-0ubuntu0.20.10.3

ceph (Ubuntu package): before 15.2.7-0ubuntu0.20.10.3

External links

http://ubuntu.com/security/notices/USN-4706-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper Authorization

EUVDB-ID: #VU28173

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-10736

CWE-ID: CWE-285 - Improper Authorization

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to improper authorization related to the Ceph monitors (mons) and managers (mgrs). A remote attacker can pass specially crafted data to the application and bypass implemented security restrictions.

Mitigation

Update the affected package ceph to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 20.10

ceph-common (Ubuntu package): before 15.2.7-0ubuntu0.20.10.3

ceph-base (Ubuntu package): before 15.2.7-0ubuntu0.20.10.3

ceph (Ubuntu package): before 15.2.7-0ubuntu0.20.10.3

External links

http://ubuntu.com/security/notices/USN-4706-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper Neutralization of Special Elements in Output Used by a Downstream Component

EUVDB-ID: #VU48628

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-10753

CWE-ID: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. Ceph versions 3.x and 4.x are vulnerable to this issue.

Mitigation

Update the affected package ceph to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 20.10

ceph-common (Ubuntu package): before 15.2.7-0ubuntu0.20.10.3

ceph-base (Ubuntu package): before 15.2.7-0ubuntu0.20.10.3

ceph (Ubuntu package): before 15.2.7-0ubuntu0.20.10.3

External links

http://ubuntu.com/security/notices/USN-4706-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Authentication bypass using an alternate path or channel

EUVDB-ID: #VU48684

Risk: Medium

CVSSv3.1: 4.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-25660

CWE-ID: CWE-288 - Authentication Bypass Using an Alternate Path or Channel

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass the authentication process.

The vulnerability exists within the implementation of the Cephx authentication protocol. A remote attacker with access to the Ceph cluster network can intercept authentication packets and perform replay attacks in Nautilus.

The vulnerability affects the msgr2 protocol only and is basically a reintroduction of the previously patched vulnerability #VU14542.

Mitigation

Update the affected package ceph to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 20.10

ceph-common (Ubuntu package): before 15.2.7-0ubuntu0.20.10.3

ceph-base (Ubuntu package): before 15.2.7-0ubuntu0.20.10.3

ceph (Ubuntu package): before 15.2.7-0ubuntu0.20.10.3

External links

http://ubuntu.com/security/notices/USN-4706-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


