Description
A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read access to ceph can delete, create ceph storage pools and corrupt snapshot images. Ceph branches master, mimic, luminous and jewel are believed to be affected.
A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read access to ceph can delete and corrupt snapshot images.
Mitigation
Set `mon_allow_pool_delete = false` in ceph.conf to disable deletion of pools, and set the `nodelete` flag on each existing pool:
```
# Set the nodelete flag on every pool returned by `rados lspools`
for p in $(rados lspools)
do
    ceph osd pool set "$p" nodelete true
done
```
Caveat: this mitigation does not prevent an attacker from corrupting snapshot images.
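To confirm that both parts of the mitigation are actually in place, the check below reports pools that still lack the `nodelete` flag and tests whether a ceph.conf disables pool deletion. It is an added example, not part of the original advisory; the function names are hypothetical, the pool listing is assumed to have the `pool <id> '<name>' ... flags <list> ...` layout printed by `ceph osd pool ls detail`, and the sample data is constructed.

```shell
#!/bin/sh
# Added example: audit the pool-deletion mitigation. Function names are hypothetical.

# Read `ceph osd pool ls detail` style text on stdin and print the name of
# every pool whose flag list does not contain "nodelete".
pools_missing_nodelete() {
    awk '
        $1 == "pool" {
            name = $3
            gsub("\047", "", name)               # strip the quotes around the name
            flags = ""
            for (i = 4; i < NF; i++)
                if ($i == "flags") flags = $(i + 1)
            if (("," flags ",") !~ /,nodelete,/) print name
        }'
}

# Succeed only if the ceph.conf file given as $1 sets
# mon_allow_pool_delete = false. Option names may be written with spaces or
# underscores. Assumption: sections are ignored and the last setting wins.
conf_disables_pool_delete() {
    awk -F= '
        { sub(/[#;].*/, "") }                    # drop comments
        {
            key = $1; val = $2
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/[ \t]+/, "_", key)
            gsub(/[ \t]/, "", val)
            if (key == "mon_allow_pool_delete") last = tolower(val)
        }
        END { exit (last == "false" ? 0 : 1) }' "$1"
}

# Constructed sample listing: pool "rbd" is protected, pool "images" is not.
SAMPLE_POOLS="pool 1 'rbd' replicated size 3 min_size 2 crush_rule 0 object_hash rjenkins pg_num 64 pgp_num 64 last_change 10 flags hashpspool,nodelete stripe_width 0
pool 2 'images' replicated size 3 min_size 2 crush_rule 0 object_hash rjenkins pg_num 64 pgp_num 64 last_change 12 flags hashpspool stripe_width 0"

echo "Pools without nodelete:"
printf '%s\n' "$SAMPLE_POOLS" | pools_missing_nodelete

# On a live cluster:
#   ceph osd pool ls detail | pools_missing_nodelete
#   conf_disables_pool_delete /etc/ceph/ceph.conf || echo "pool deletion not disabled"
```

An empty result from the first check only covers pool deletion; per the caveat above, it says nothing about snapshot images.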
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 7 | ceph-common | Not affected | | |
| Red Hat Enterprise Linux 8 | ceph | Not affected | | |
| Red Hat Ceph Storage 2.5 | ceph | Fixed | RHSA-2018:2261 | 26.07.2018 |
| Red Hat Ceph Storage 2.5 | ceph-ansible | Fixed | RHSA-2018:2261 | 26.07.2018 |
| Red Hat Ceph Storage 2 for Ubuntu | | Fixed | RHSA-2018:2274 | 26.07.2018 |
| Red Hat Ceph Storage 3.0 | ceph | Fixed | RHSA-2018:2177 | 11.07.2018 |
| Red Hat Ceph Storage 3.0 | ceph-ansible | Fixed | RHSA-2018:2177 | 11.07.2018 |
| Red Hat Ceph Storage 3.0 | cephmetrics | Fixed | RHSA-2018:2177 | 11.07.2018 |
| Red Hat Ceph Storage 3.0 | nfs-ganesha | Fixed | RHSA-2018:2177 | 11.07.2018 |
| Red Hat Ceph Storage 3 for Ubuntu | | Fixed | RHSA-2018:2179 | 11.07.2018 |
Additional information
Status:
EPSS
CVSS3: 4.6 Medium