Bug 1938031 (CVE-2021-20288)
Summary: | CVE-2021-20288 ceph: Unauthorized global_id reuse in cephx | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Sage McTaggart <amctagga> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | adeza, amctagga, anharris, bniver, branto, danmick, david, dbecker, fedora, flucifre, gfidente, gmeno, hvyas, idryomov, i, jdurgin, jjoyce, josef, jschluet, kkeithle, lhh, loic, lpeer, madam, mbenjamin, mburns, mhackett, mhicks, ocs-bugs, ramkrsna, sclewis, security-response-team, slinaber, sostapov, steve, vereddy |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | ceph 14.2.20 | Doc Type: | If docs needed, set a value |
Doc Text: |
An authentication flaw was found in ceph. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it doesn't sanitize other_keys, allowing key reuse. An attacker who can request a global_id can exploit the ability of any user to request a global_id previously associated with another user, as ceph does not force the reuse of old keys to generate new ones. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2021-06-15 21:03:59 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1939092, 1939093, 1940955, 1952085, 1952206, 2049519 | ||
Bug Blocks: | 1934783 |
Description
Sage McTaggart
2021-03-11 23:48:02 UTC
Acknowledgments: Name: Ilya Dryomov (Red Hat) Statement: * Red Hat OpenShift Container Storage (RHOCS) 4 shipped ceph package for the usage of RHOCS 4.2 only, that has reached End Of Life. The shipped version of ceph package is no longer used and supported with the release of RHOCS 4.3. * Red Hat OpenStack Platform deployments use the ceph package directly from the Ceph channel; the RHOSP ceph package will not be updated at this time. * The ceph packages included in Red Hat Enterprise Linux only provide client side libraries and tools and therefore are not affected by this issue affecting ceph-mon service. Upstream patches: https://github.com/ceph/ceph/commits/nautilus (commits on top of 14.2.19) https://github.com/ceph/ceph/commits/octopus (commits on top of 15.2.10) https://github.com/ceph/ceph/commits/pacific (commits on top of 16.2.0) Merged into master: https://github.com/ceph/ceph/commit/f3a4166379b12d4a7bba667fe761e5b660552db1 Upstream trackers: https://tracker.ceph.com/issues/50452 https://tracker.ceph.com/issues/50453 https://tracker.ceph.com/issues/50454 https://tracker.ceph.com/issues/50455 Created ceph tracking bugs for this issue: Affects: fedora-all [bug 1952085] This issue has been addressed in the following products: Red Hat Ceph Storage 4.2 Via RHSA-2021:2445 https://access.redhat.com/errata/RHSA-2021:2445 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-20288 This issue has been addressed in the following products: Red Hat Ceph Storage 3 - ELS Via RHSA-2022:1394 https://access.redhat.com/errata/RHSA-2022:1394 |