1546610 – (CVE-2018-7262) CVE-2018-7262 ceph: Unauthenticated malformed HTTP requests handled by rgw_civetweb.cc:RGW::init_env() can lead to denial of service

Bug 1546610 (CVE-2018-7262) - CVE-2018-7262 ceph: Unauthenticated malformed HTTP requests handled by rgw_civetweb.cc:RGW::init_env() can lead to denial of service

Summary: CVE-2018-7262 ceph: Unauthenticated malformed HTTP requests handled by rgw_ci...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2018-7262
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1546611 1546613 1547673 1548926 1548927 1548928
Blocks:	1546612 1550199
TreeView+	depends on / blocked

Reported:	2018-02-19 02:57 UTC by Sam Fowler
Modified:	2023-09-20 14:12 UTC (History)
CC List:	13 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	A NULL pointer dereference flaw was found in RADOS Gateway HTTP request handling when using the Civetweb native webserver. An unauthenticated attacker could crash RADOS Gateway server by sending malicious HTTP requests.
Clone Of:
Environment:
Last Closed:	2018-05-23 09:35:44 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2018:0546	0	None	None	None	2018-03-15 18:29:28 UTC
Red Hat Product Errata	RHSA-2018:0548	0	None	None	None	2018-03-15 18:31:04 UTC

Description Sam Fowler 2018-02-19 02:57:00 UTC

In ceph, HTTP request headers without a ":" character that are handled in rgw_civetweb.cc:RGW::init_env() can cause variables to be set to NULL, leading to a crash or other potentially unspecified behaviour.

Upstream Pull Request:

https://github.com/ceph/ceph/pull/20403

Comment 1 Sam Fowler 2018-02-19 02:57:35 UTC

Created ceph tracking bugs for this issue:

Affects: fedora-all [bug 1546611]

Comment 7 Siddharth Sharma 2018-02-26 03:58:32 UTC

Upstream Pull Request:

https://github.com/ceph/ceph/pull/20564

Comment 11 Siddharth Sharma 2018-03-15 14:27:18 UTC

upstream fix:

https://github.com/ceph/ceph/pull/20564/commits/b206912d753778b8d889a903f509a6f951cf41a4?diff=unified

Comment 12 errata-xmlrpc 2018-03-15 18:29:20 UTC

This issue has been addressed in the following products:

  Red Hat Ceph Storage 3.0 for Ubuntu 16.04

Via RHSA-2018:0546 https://access.redhat.com/errata/RHSA-2018:0546

Comment 13 errata-xmlrpc 2018-03-15 18:30:55 UTC

This issue has been addressed in the following products:

  Red Hat Ceph Storage 3 for Red Hat Enterprise Linux 7

Via RHSA-2018:0548 https://access.redhat.com/errata/RHSA-2018:0548

Comment 16 Boris Ranto 2018-05-22 22:39:07 UTC

This was fixed upstream in 12.2.4, the latest rebase fixed it downstream, too.

Comment 17 Boris Ranto 2018-05-22 22:42:40 UTC

I am sorry, I had too many tabs opened and I have accidentally closed the wrong bug.

Note You need to log in before you can comment on or make changes to this bug.