Bug 1791691 (CVE-2020-1700)
| Summary: | CVE-2020-1700 ceph: connection leak in the RGW Beast front-end permits a DoS against the RGW server | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Marian Rehak <mrehak> |
| Component: | vulnerability | Assignee: | Nobody <nobody> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | bniver, danmick, david, fedora, gfidente, hvyas, i, jdurgin, jjoyce, josef, jschluet, lhh, loic, lpeer, mburns, ramkrsna, sclewis, sisharma, slinaber, sostapov, steve |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | ceph 14.2.4-125.el8cp, ceph 14.2.4-51.el7cp | Doc Type: | If docs needed, set a value |
| Doc Text: |
A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects. An authenticated attacker can abuse this flaw by making multiple disconnect attempts resulting in a permanent leak of a socket connection by radosgw. This flaw could lead to a denial of service condition by pile up of CLOSE_WAIT sockets, eventually leading to the exhaustion of available resources, preventing legitimate users from connecting to the system.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1793038, 1794358, 1796995 | ||
| Bug Blocks: | 1791692 | ||
|
Description
Marian Rehak
2020-01-16 11:37:53 UTC
Mitigation: If Beast front end is in use, switch to CivetWeb to mitigate the issue. The following is an example of the /etc/ceph/ceph.conf file: <snip> ... [client.rgw.node1] rgw frontends = civetweb ... </snip> Acknowledgments: Name: Or Friedman (Red Hat) Pull Request: https://github.com/ceph/ceph/pull/33017 Patch: https://github.com/ceph/ceph/commit/ff72c50a2c43c57aead933eb4903ad1ca6d1748a Created ceph tracking bugs for this issue: Affects: fedora-all [bug 1796995] Removing affected from Openstack platform as versions shipped by ceph repositories are not affected. Statement: * Red Hat Ceph Storage 3 is not affected by this flaw, as beast is unsupported in the product. * Red Hat Ceph Storage 4 is not affected by this flaw, as it is shipping patched version of ceph. * Red Hat Openshift Container Storage 4.2 is affected by this flaw, as it is using the affected version of ceph. * Red Hat OpenStack Platform 13 included some Ceph components at release for in order to support ppc64le. The version provided in the OpenStack repositories is outdated and customers are expected to be using versions provided in Ceph repositories now. Red Hat OpenStack Platform 13 operators should verify they are using Ceph repositories which are up to date and unaffected by this vulnerability. * Red Hat Enterprise Linux 7 is not affected by this flaw, as it ships an old version of the code which does not include the vulnerable code. * Red Hat Enterprise Linux 8 is not affected by this flaw, as only libcephfs-devel component is shipped and it does include the vulnerable code. |