Main Vulnerability Database Vulnerabilities #VU14329

#VU14329 Security restrictions bypass in Ceph - CVE-2018-10861

Published: August 10, 2018 / Updated: August 28, 2018

Vulnerability identifier: #VU14329

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-10861

CWE-ID: CWE-20

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vulnerable software:
Ceph

Software vendor:
Red Hat Inc.

Description

The vulnerability allows an adjacent authenticated attacker to bypass security restrictions on the target system.

The vulnerability exists in ceph branches master, mimic, luminous and jewel due to improper handling of user-supplied requests by ceph mon. An adjacent attacker with read access to ceph can delete, create ceph storage pools and corrupt snapshot images.

Remediation

Install update from vendor's website.

External links

https://access.redhat.com/security/cve/cve-2018-10861

#VU14329 Security restrictions bypass in Ceph - CVE-2018-10861

Description

Remediation

External links

Please verify you're human