SUSE update for ceph

Published: 2021-05-04

Risk	Medium
Patch available	YES
Number of vulnerabilities	1
CVE-ID	CVE-2021-20288
CWE-ID	CWE-287
Exploitation vector	Network
Public exploit	N/A
Vulnerable software	SUSE Enterprise Storage Operating systems & Components / Operating system SUSE Linux Enterprise Module for Basesystem Operating systems & Components / Operating system cephadm Operating systems & Components / Operating system package or component ceph-base-debuginfo Operating systems & Components / Operating system package or component ceph-base Operating systems & Components / Operating system package or component rbd-nbd-debuginfo Operating systems & Components / Operating system package or component rbd-nbd Operating systems & Components / Operating system package or component rados-objclass-devel Operating systems & Components / Operating system package or component python3-rgw-debuginfo Operating systems & Components / Operating system package or component python3-rgw Operating systems & Components / Operating system package or component python3-rbd-debuginfo Operating systems & Components / Operating system package or component python3-rbd Operating systems & Components / Operating system package or component python3-rados-debuginfo Operating systems & Components / Operating system package or component python3-rados Operating systems & Components / Operating system package or component python3-cephfs-debuginfo Operating systems & Components / Operating system package or component python3-cephfs Operating systems & Components / Operating system package or component python3-ceph-common Operating systems & Components / Operating system package or component python3-ceph-argparse Operating systems & Components / Operating system package or component librgw2-debuginfo Operating systems & Components / Operating system package or component librgw2 Operating systems & Components / Operating system package or component librgw-devel Operating systems & Components / Operating system package or component librbd1-debuginfo Operating systems & Components / Operating system package or component librbd1 Operating systems & Components / Operating system package or component librbd-devel Operating systems & Components / Operating system package or component libradospp-devel Operating systems & Components / Operating system package or component librados2-debuginfo Operating systems & Components / Operating system package or component librados2 Operating systems & Components / Operating system package or component librados-devel-debuginfo Operating systems & Components / Operating system package or component librados-devel Operating systems & Components / Operating system package or component libcephfs2-debuginfo Operating systems & Components / Operating system package or component libcephfs2 Operating systems & Components / Operating system package or component libcephfs-devel Operating systems & Components / Operating system package or component ceph-debugsource Operating systems & Components / Operating system package or component ceph-common-debuginfo Operating systems & Components / Operating system package or component ceph-common Operating systems & Components / Operating system package or component
Vendor	SUSE

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Improper Authentication

EUVDB-ID: #VU53692

Risk: Medium

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2021-20288

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error in authentication flow related to CEPHX_GET_AUTH_SESSION_KEY requests. The application does not check other_keys and allows key reuse. A remote attacker who can request a global_id can exploit the ability of any user to request a global_id previously associated with another user, as ceph does not force the reuse of old keys to generate new ones.

Mitigation

Update the affected package ceph to the latest version.

Vulnerable software versions

SUSE Enterprise Storage: 7.1

SUSE Linux Enterprise Module for Basesystem: 15-SP2 - 15-SP3

cephadm: before 15.2.11.83+g8a15f484c2-3.20.1

ceph-base-debuginfo: before 15.2.11.83+g8a15f484c2-3.20.1

ceph-base: before 15.2.11.83+g8a15f484c2-3.20.1

rbd-nbd-debuginfo: before 15.2.11.83+g8a15f484c2-3.20.1

rbd-nbd: before 15.2.11.83+g8a15f484c2-3.20.1

rados-objclass-devel: before 15.2.11.83+g8a15f484c2-3.20.1

python3-rgw-debuginfo: before 15.2.11.83+g8a15f484c2-3.20.1

python3-rgw: before 15.2.11.83+g8a15f484c2-3.20.1

python3-rbd-debuginfo: before 15.2.11.83+g8a15f484c2-3.20.1

python3-rbd: before 15.2.11.83+g8a15f484c2-3.20.1

python3-rados-debuginfo: before 15.2.11.83+g8a15f484c2-3.20.1

python3-rados: before 15.2.11.83+g8a15f484c2-3.20.1

python3-cephfs-debuginfo: before 15.2.11.83+g8a15f484c2-3.20.1

python3-cephfs: before 15.2.11.83+g8a15f484c2-3.20.1

python3-ceph-common: before 15.2.11.83+g8a15f484c2-3.20.1

python3-ceph-argparse: before 15.2.11.83+g8a15f484c2-3.20.1

librgw2-debuginfo: before 15.2.11.83+g8a15f484c2-3.20.1

librgw2: before 15.2.11.83+g8a15f484c2-3.20.1

librgw-devel: before 15.2.11.83+g8a15f484c2-3.20.1

librbd1-debuginfo: before 15.2.11.83+g8a15f484c2-3.20.1

librbd1: before 15.2.11.83+g8a15f484c2-3.20.1

librbd-devel: before 15.2.11.83+g8a15f484c2-3.20.1

libradospp-devel: before 15.2.11.83+g8a15f484c2-3.20.1

librados2-debuginfo: before 15.2.11.83+g8a15f484c2-3.20.1

librados2: before 15.2.11.83+g8a15f484c2-3.20.1

librados-devel-debuginfo: before 15.2.11.83+g8a15f484c2-3.20.1

librados-devel: before 15.2.11.83+g8a15f484c2-3.20.1

libcephfs2-debuginfo: before 15.2.11.83+g8a15f484c2-3.20.1

libcephfs2: before 15.2.11.83+g8a15f484c2-3.20.1

libcephfs-devel: before 15.2.11.83+g8a15f484c2-3.20.1

ceph-debugsource: before 15.2.11.83+g8a15f484c2-3.20.1

ceph-common-debuginfo: before 15.2.11.83+g8a15f484c2-3.20.1

ceph-common: before 15.2.11.83+g8a15f484c2-3.20.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2021/suse-su-20211474-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.