Bug 1890354 (CVE-2020-25660)
Summary: | CVE-2020-25660 ceph: CEPHX_V2 replay attack protection lost | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Sage McTaggart <amctagga> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | adeza, amctagga, bniver, branto, carnil, danmick, david, dbecker, fedora, gfidente, hvyas, idryomov, i, jdurgin, jjoyce, josef, jschluet, kkeithle, lhh, loic, lpeer, madam, mburns, mhicks, ocs-bugs, ramkrsna, sclewis, security-response-team, slinaber, sostapov, steve |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | ceph 15.2.6, ceph 14.2.14 | Doc Type: | If docs needed, set a value |
Doc Text: |
A flaw was found in the Cephx authentication protocol, where it does not verify Ceph clients correctly and is then vulnerable to replay attacks in Nautilus. This flaw allows an attacker with access to the Ceph cluster network to authenticate with the Ceph service via a packet sniffer and perform actions allowed by the Ceph service. This issue is a reintroduction of CVE-2018-1128, affecting the msgr2 protocol. The msgr2 protocol is used for all communication except older clients that do not support the msgr2 protocol. The msgr1 protocol is not affected. The highest threat from this vulnerability is to confidentiality, integrity, and system availability.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2020-12-02 17:33:53 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1892823, 1898551, 1899327, 1910513 | ||
Bug Blocks: | 1889858 |
Description
Sage McTaggart
2020-10-22 00:34:53 UTC
https://github.com/ceph/ceph/pull/30524
https://github.com/ceph/ceph/pull/30523

These are the commits where the flaw was introduced.

Acknowledgments:

Name: Ilya Dryomov (Red Hat)

Statement:

Red Hat Ceph Storage 3 has already had a fix shipped for this particular flaw. RHCS 4.1 is shipped with CVE-2018-1128 vulnerability reintroduced, affecting msgr 2 protocol.

Red Hat OpenShift Container Storage (RHOCS) 4 shipped ceph package for the usage of RHOCS 4.2 only, that has reached End Of Life. Hence, ceph package is no longer used and supported with the release of RHOCS 4.3.

Created ceph tracking bugs for this issue:

Affects: fedora-all [bug 1898551]

Upstream fixes:

Ceph 15.2.6:
https://github.com/ceph/ceph/commit/6c14c2fb5650426285428dfe6ca1597e5ea1d07d
https://github.com/ceph/ceph/commit/1316c82aae8c51b3fe10d8a8f0a87b60db54ee16
https://github.com/ceph/ceph/commit/bafdfec8f974f1a3f7d404bcfd0a4cfad784937d

Ceph 14.2.14:
https://github.com/ceph/ceph/commit/2927fd91d41e505237cc73f9700e5c6a63e5cb4f
https://github.com/ceph/ceph/commit/4c11203122d729c832a645c9e3f5092db4963840
https://github.com/ceph/ceph/commit/bb5d3d58bfcae96d2e5f796eaa74fc0987f79e77

External References:

https://ceph.io/community/v15-2-6-octopus-released/
https://ceph.io/releases/v14-2-14-nautilus-released/

This issue has been addressed in the following products:

Red Hat Ceph Storage 4.1

Via RHSA-2020:5325 https://access.redhat.com/errata/RHSA-2020:5325

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-25660

FEDORA-2020-a8f1120195 has been pushed to the Fedora 33 stable repository. If problem still persists, please make note of it in this bug report.

This issue has been addressed in the following products:

Red Hat Ceph Storage 4.2

Via RHSA-2021:0081 https://access.redhat.com/errata/RHSA-2021:0081