Bug 1656852 (CVE-2019-3821)

Summary: CVE-2019-3821 ceph: radosgw: Resource exhaustion via TCP connection to port serving the SSL endpoint
Product: [Other] Security Response Reporter: Pedro Sampaio <psampaio>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: branto, danmick, david, fedora, i, josef, kkeithle, loic, ramkrsna, security-response-team, sisharma, steve
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the way civetweb frontend was handling requests for ceph RGW server with SSL enabled. An unauthenticated attacker could create multiple connections to ceph RADOS gateway to exhaust file descriptors for ceph-radosgw service resulting in a remote denial of service.
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-04-24 15:25:24 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On: 1674929    
Bug Blocks: 1656854    

Description Pedro Sampaio 2018-12-06 13:24:10 UTC
A flaw was found in rados gateway shipped as part of ceph. Unclosed file descriptors while denying TCP connections to SSL serving port pile up until exhaustion of resources leading to potencial remote denial of service.

Comment 2 Siddharth Sharma 2019-02-11 17:19:03 UTC
External References:

https://github.com/ceph/civetweb/pull/33

Comment 3 Siddharth Sharma 2019-02-11 17:19:17 UTC
Created ceph tracking bugs for this issue:

Affects: fedora-all [bug 1674929]

Comment 4 Siddharth Sharma 2019-02-11 17:20:52 UTC
Statement:

This flaw does not  affect ceph version as shipped with Red Hat Ceph Storage 2 and Red Hat Ceph Storage 3.