Authentication bypass using an alternate path or channel in Ceph

#VU48684 Authentication bypass using an alternate path or channel in Ceph

Published: 2020-11-23 | Updated: 2020-11-27

Vulnerability identifier: #VU48684

Vulnerability risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-25660

CWE-ID:

Exploitation vector: Local network

Exploit availability:

Vulnerable software:
Ceph
Server applications / Other server solutions

Vendor: Red Hat Inc.

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists with in the implementation of the Cephx authentication protocol. A remote attacker with access to the Ceph cluster network can intercept authentication packets and perform replay attacks in Nautilus.

The vulnerability affects msgr2 protocol only and is basically a reintroduction of previously patched vulnerability #VU14542.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Ceph: 14.0.0 - 15.2.5

Fixed software versions

CPE

cpe:2.3:a:red_hat:ceph:15.2.5:*:*:*:*:*:*:*

External links
http://bugzilla.redhat.com/show_bug.cgi?id=1890354
http://ceph.io/community/v15-2-6-octopus-released/
http://ceph.io/releases/v14-2-14-nautilus-released/

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

Latest bulletins with this vulnerability

Gentoo update for Ceph

Ubuntu update for ceph

Multiple vulnerabilities in Red Hat OpenShift Container Storage

Authentication bypass using an alternate path or channel in ceph (Alpine package)

Authentication bypass in Red Hat Ceph Storage 4

Arch Linux update for ceph

Authentication bypass in Ceph