#VU17097 Memory corruption in Ceph - CVE-2018-16846

Cybersecurity Help s.r.o.

Published: 2019-01-21

Vulnerability identifier: #VU17097

Vulnerability risk: Low

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-16846

CWE-ID: CWE-119

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Ceph
Server applications / Other server solutions

Vendor: Red Hat Inc.

Description

The vulnerability allows a remote authenticated attacker to perform a denial of service (DoS) attack.

The vulnerability exists in the RADOS Gateway (RGW) code base due to boundary error in the ListBucket max-keys function during bucket listing operations. A remote attacker with Ceph RGW user permissions can trigger memory corruption and perform a denial of service attack against object maps (OMAPs) holding bucket indexes.

Mitigation
Update to version 13.2.4.

Vulnerable software versions

Ceph: 12.1.0 - 13.2.3

External links
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16846
https://ceph.com/releases/13-2-4-mimic-released/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Red Hat update for Red Hat Ceph Storage 3.3

OpenSUSE Linux update for ceph

Fedora 29 update for ceph

Multiple vulnerabilities in Red Hat Ceph Storage