Ceph monitors crash when an empty or malformed prefix is sent to mon_command by rados.py. An authenticated attacker can crash Ceph monitors by sending specially crafted input to mon_command via rados.py.
Acknowledgments:
Name: the Ceph project
Upstream: Xiaoxi Chen
Upstream fixes:
https://github.com/ceph/ceph/pull/9700
https://github.com/ceph/ceph/commit/957ece7e95d8f8746191fd9629622d4457d690d6
This issue has been addressed in the following products:
Red Hat Ceph Storage 1.3 for RHEL 7
Via RHSA-2016:1384 https://access.redhat.com/errata/RHSA-2016:1384
This issue has been addressed in the following products:
Red Hat Ceph Storage 1.3 for Ubuntu 14.04
Via RHSA-2016:1385 https://access.redhat.com/errata/RHSA-2016:1385