Ubuntu update for ceph

1) Improper Authorization

EUVDB-ID: #VU82112

Risk: Medium

CVSSv4.0: 5.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2023-43040

CWE-ID: CWE-285 - Improper Authorization

Exploit availability: Yes

Description

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to improper authorization in radogw API gateway in Ceph when processing POST requests. A remote unprivileged user can write to any bucket(s) accessible by a given key if a POST form-data contains a key called "bucket" with a value matching the bucket's name used to sign the request.

Mitigation

Update the affected package ceph to the latest version.

Vulnerable software versions

Ubuntu: 14.04 - 23.10

ceph-common (Ubuntu package): before Ubuntu Pro

ceph-base (Ubuntu package): before Ubuntu Pro

ceph (Ubuntu package): before Ubuntu Pro

CPE2.3

• cpe:2.3:o:canonical:ubuntu:14.04:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:ubuntu:16.04:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:ubuntu:18.04:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:ubuntu:23.10:*:*:*:*:*:*:*
• cpe:2.3:a:canonical:ceph-common_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:ceph-base_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:a:canonical:ceph_ubuntu_package:*:*:*:*:*:ubuntu:*:*

External links

https://ubuntu.com/security/notices/USN-6613-1

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.