Description: A flaw was found in the way the Ceph RADOS Gateway (ceph-radosgw) handles POST object requests. An authenticated attacker can send a POST object request whose policy carries null conditions, which crashes the ceph-radosgw service and results in a denial of service for all users of the gateway. http://tracker.ceph.com/issues/17635 https://bugzilla.redhat.com/show_bug.cgi?id=1387332
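The following Python example is added here to illustrate the failure mode the description names; it is not Ceph code (radosgw is written in C++) and makes no claim about the exact code path that crashed. It models the S3 POST Object policy document (a base64-encoded JSON object with an "expiration" and a "conditions" array) as a browser upload form carries it: a naive handler that iterates "conditions" without checking its type fails on null (a TypeError, the Python analogue of dereferencing a null pointer), while the hardened validate_policy() turns every malformed shape into a 400-style response. The sample policies, the bucket name "examplebucket" and all function names are constructed for this example.

```python
import base64
import json
from typing import Any, List, Tuple

# Constructed sample policies (not taken from the advisory). The S3 POST
# Object policy is base64-encoded JSON: {"expiration": ..., "conditions": [...]}.
GOOD_POLICY = {
    "expiration": "2016-11-01T00:00:00Z",
    "conditions": [
        {"bucket": "examplebucket"},
        ["starts-with", "$key", "uploads/"],
        ["content-length-range", 0, 1048576],
    ],
}
# The shape the advisory describes: "conditions" present but null.
NULL_CONDITIONS_POLICY = {"expiration": "2016-11-01T00:00:00Z", "conditions": None}


def encode_policy(policy: Any) -> str:
    """Encode a policy the way the "policy" form field of a browser upload carries it."""
    return base64.b64encode(json.dumps(policy).encode("utf-8")).decode("ascii")


def decode_policy(policy_b64: str) -> Any:
    """Decode the form field; raises ValueError (or a subclass) on bad base64 or JSON."""
    return json.loads(base64.b64decode(policy_b64, validate=True))


def naive_conditions(policy: Any) -> List[Any]:
    """Unchecked path: assumes "conditions" is an array. Iterating None raises
    TypeError, the Python analogue of dereferencing a null pointer."""
    return [cond for cond in policy["conditions"]]


def naive_crashes(policy: Any) -> bool:
    """True if the unchecked path blows up on this policy instead of returning."""
    try:
        naive_conditions(policy)
    except (TypeError, KeyError):
        return True
    return False


def validate_policy(policy: Any) -> Tuple[bool, str]:
    """Hardened check: reject every malformed shape with a message instead of an
    exception, so the server answers 400 rather than dying."""
    if not isinstance(policy, dict):
        return False, "policy is not a JSON object"
    conds = policy.get("conditions")
    if conds is None:
        return False, "conditions is null or missing"
    if not isinstance(conds, list):
        return False, "conditions is not an array"
    for i, cond in enumerate(conds):
        # Each condition is {"field": "value"} or ["op", "$field", value].
        if isinstance(cond, dict):
            if len(cond) != 1:
                return False, f"condition {i}: object must hold exactly one field"
        elif isinstance(cond, list):
            if len(cond) != 3 or not all(isinstance(x, (str, int)) for x in cond):
                return False, f"condition {i}: array must be [op, field, value]"
        else:
            return False, f"condition {i}: unsupported type {type(cond).__name__}"
    return True, "ok"


def handle_post_policy(policy_b64: str) -> Tuple[int, str]:
    """Request-level wrapper returning (HTTP status, message) for the policy field."""
    try:
        policy = decode_policy(policy_b64)
    except ValueError as exc:  # binascii.Error and JSONDecodeError are ValueErrors
        return 400, f"InvalidPolicyDocument: {exc}"
    ok, msg = validate_policy(policy)
    if not ok:
        return 400, f"InvalidPolicyDocument: {msg}"
    return 204, "ok"


if __name__ == "__main__":
    for name, pol in (("good", GOOD_POLICY), ("null-conditions", NULL_CONDITIONS_POLICY)):
        print(name, "naive crashes:", naive_crashes(pol),
              "hardened:", handle_post_policy(encode_policy(pol)))
```

The point of the hardened path is that an authenticated user supplying `{"conditions": null}` gets an error response and the process keeps serving everyone else; whichever language the gateway is written in, every field read from the policy document needs a presence and type check before it is dereferenced or iterated.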
Workaround: Until the fix is applied, have systemd restart ceph-radosgw automatically after a crash.
1. By default the system uses /etc/init.d/ceph-radosgw. Stop this service:
   ~]# /etc/init.d/ceph-radosgw stop
2. Create a systemd service for radosgw, changing the command-line parameters to match the environment where Ceph radosgw is running:
   ~]# cat /usr/lib/systemd/system/ceph-rgw.service
   [Unit]
   Description=Ceph RGW daemon
   [Service]
   Type=forking
   ExecStart=/bin/radosgw -n client.rgw.$(HOSTNAME REDACTED)
   Restart=on-abnormal
   RestartSec=1s
   [Install]
   WantedBy=multi-user.target
3. Run the systemd service 'ceph-rgw.service':
   ~]# systemctl daemon-reload
   ~]# systemctl start ceph-rgw.service
Caveat: Restart=on-abnormal only brings the daemon back after it has crashed, and it still takes at least 1-2 seconds for the service to come back online, so an attacker who repeats the request can keep interrupting service. The attacker has to know a bucket name and must be authenticated to send the request, so if the service receives a large number of such requests the offending user can be blocked by revoking that user's access to the service.
This issue has been addressed in the following products:
- Red Hat Ceph Storage 2 for Ubuntu 16.04, via RHSA-2016:2816 https://rhn.redhat.com/errata/RHSA-2016-2816.html
- Red Hat Ceph Storage 2 for RHEL 7, via RHSA-2016:2815 https://rhn.redhat.com/errata/RHSA-2016-2815.html
- Red Hat Ceph Storage 1.3 for RHEL 7, via RHSA-2016:2847 https://rhn.redhat.com/errata/RHSA-2016-2847.html
- Red Hat Ceph Storage 1.3 for Ubuntu 14.04, via RHSA-2016:2848 https://rhn.redhat.com/errata/RHSA-2016-2848.html