Описание
It was found in Ceph versions before 13.2.4 that authenticated ceph RGW users can cause a denial of service against OMAPs holding bucket indices.
A flaw was found in the way the ListBucket function max-keys has no defined limit in the RGW codebase. An authenticated ceph RGW user can cause a denial of service attack against OMAPs holding bucked indices.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Ceph Storage 2 | ceph | Affected | ||
| Red Hat Enterprise Linux 7 | ceph-common | Not affected | ||
| Red Hat Enterprise Linux 8 | ceph | Not affected | ||
| Red Hat Virtualization 4 | redhat-virtualization-host | Not affected | ||
| Red Hat Ceph Storage 3.3 | ceph | Fixed | RHSA-2019:2538 | 21.08.2019 |
| Red Hat Ceph Storage 3.3 | ceph-ansible | Fixed | RHSA-2019:2538 | 21.08.2019 |
| Red Hat Ceph Storage 3.3 | ceph-iscsi-config | Fixed | RHSA-2019:2538 | 21.08.2019 |
| Red Hat Ceph Storage 3.3 | cephmetrics | Fixed | RHSA-2019:2538 | 21.08.2019 |
| Red Hat Ceph Storage 3.3 | libntirpc | Fixed | RHSA-2019:2538 | 21.08.2019 |
| Red Hat Ceph Storage 3.3 | nfs-ganesha | Fixed | RHSA-2019:2538 | 21.08.2019 |
Показывать по
Дополнительная информация
Статус:
6.5 Medium
CVSS3
Связанные уязвимости
It was found in Ceph versions before 13.2.4 that authenticated ceph RGW users can cause a denial of service against OMAPs holding bucket indices.
It was found in Ceph versions before 13.2.4 that authenticated ceph RGW users can cause a denial of service against OMAPs holding bucket indices.
It was found in Ceph versions before 13.2.4 that authenticated ceph RG ...
It was found in Ceph versions before 13.2.4 that authenticated ceph RGW users can cause a denial of service against OMAPs holding bucket indices.
Уязвимость системы хранения данных Ceph, существующая из-за недостаточной проверки входных данных, позволяющая нарушителю вызвать отказ в обслуживании
6.5 Medium
CVSS3