#VU17097 Memory corruption in Ceph


Published: 2019-01-21

Vulnerability identifier: #VU17097

Vulnerability risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-16846

CWE-ID: CWE-119

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Ceph
Server applications / Other server solutions

Vendor: Red Hat Inc.

Description

The vulnerability allows a remote authenticated attacker to perform a denial of service (DoS) attack.

The vulnerability exists in the RADOS Gateway (RGW) code base due to boundary error in the ListBucket max-keys function during bucket listing operations. A remote attacker with Ceph RGW user permissions can trigger memory corruption and perform a denial of service attack against object maps (OMAPs) holding bucket indexes.

Mitigation
Update to version 13.2.4.

Vulnerable software versions

Ceph: 12.1.0 - 13.2.3

External links
http://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16846
http://ceph.com/releases/13-2-4-mimic-released/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Red Hat update for Red Hat Ceph Storage 3.3
Red Hat update for Red Hat Ceph Storage 3.3
OpenSUSE Linux update for ceph
OpenSUSE Linux update for ceph
Multiple vulnerabilities in Red Hat Ceph Storage