Ubuntu update for ceph



Published: 2021-01-28
Risk Medium
Patch available YES
Number of vulnerabilities 4
CVE-ID CVE-2018-1128
CVE-2020-10736
CVE-2020-10753
CVE-2020-25660
CWE-ID CWE-264
CWE-285
CWE-74
CWE-288
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Ubuntu
Operating systems & Components / Operating system

ceph-common (Ubuntu package)
Operating systems & Components / Operating system package or component

ceph-base (Ubuntu package)
Operating systems & Components / Operating system package or component

ceph (Ubuntu package)
Operating systems & Components / Operating system package or component

Vendor Canonical Ltd.

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Security restrictions bypass

EUVDB-ID: #VU14542

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-1128

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to conduct replay attack on the target system.

The vulnerability exists in ceph branches master, mimic, luminous and jewel due to cephx authentication protocol did not verify ceph clients correctly. An adjacent attacker with access to ceph cluster network who is able to sniff packets on network can authenticate with ceph service, perform actions allowed by ceph service, conduct replay attack and bypass security restrictions.

Mitigation

Update the affected package ceph to the latest version.

Vulnerable software versions

Ubuntu: 20.10, 20.04

ceph-common (Ubuntu package): before 15.2.7-0ubuntu0.20.04.2

ceph-base (Ubuntu package): before 15.2.7-0ubuntu0.20.04.2

ceph (Ubuntu package): before 15.2.7-0ubuntu0.20.04.2


CPE2.3 External links

http://ubuntu.com/security/notices/USN-4706-1

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Improper Authorization

EUVDB-ID: #VU28173

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-10736

CWE-ID: CWE-285 - Improper Authorization

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to improper authorization, related to mons & mgrs. A remote attacker can pass specially crafted data to the application and bypass implemented security restrictions.

Mitigation

Update the affected package ceph to the latest version.

Vulnerable software versions

Ubuntu: 20.10, 20.04

ceph-common (Ubuntu package): before 15.2.7-0ubuntu0.20.04.2

ceph-base (Ubuntu package): before 15.2.7-0ubuntu0.20.04.2

ceph (Ubuntu package): before 15.2.7-0ubuntu0.20.04.2


CPE2.3 External links

http://ubuntu.com/security/notices/USN-4706-1

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

3) Improper Neutralization of Special Elements in Output Used by a Downstream Component

EUVDB-ID: #VU48628

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-10753

CWE-ID: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. Ceph versions 3.x and 4.x are vulnerable to this issue.

Mitigation

Update the affected package ceph to the latest version.

Vulnerable software versions

Ubuntu: 20.10, 20.04

ceph-common (Ubuntu package): before 15.2.7-0ubuntu0.20.04.2

ceph-base (Ubuntu package): before 15.2.7-0ubuntu0.20.04.2

ceph (Ubuntu package): before 15.2.7-0ubuntu0.20.04.2


CPE2.3 External links

http://ubuntu.com/security/notices/USN-4706-1

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

4) Authentication bypass using an alternate path or channel

EUVDB-ID: #VU48684

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-25660

CWE-ID: CWE-288 - Authentication Bypass Using an Alternate Path or Channel

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists with in the implementation of the Cephx authentication protocol. A remote attacker with access to the Ceph cluster network can intercept authentication packets and perform  replay attacks in Nautilus.

The vulnerability affects msgr2 protocol only and is basically a reintroduction of previously patched vulnerability #VU14542.

Mitigation

Update the affected package ceph to the latest version.

Vulnerable software versions

Ubuntu: 20.10, 20.04

ceph-common (Ubuntu package): before 15.2.7-0ubuntu0.20.04.2

ceph-base (Ubuntu package): before 15.2.7-0ubuntu0.20.04.2

ceph (Ubuntu package): before 15.2.7-0ubuntu0.20.04.2


CPE2.3 External links

http://ubuntu.com/security/notices/USN-4706-1

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###