A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read access to ceph can delete, and corrupt snapshot images. This would require user to have read access and for that user must have key for authentication. It would only affect snapshots and images. So attacker with read access will only be able to corrupt data of snapshot images and rest of the ceph cluster should work as it is. Affect on integrity would be low and availability part can be controlled by mitigation using 'mon_allow_pool_delete = false' in ceph.conf to disable deletion of pools
Mitigation: Use mon_allow_pool_delete = false in ceph.conf to disable deletion of pools ~]$ for p in `rados lspools` do ceph osd pool set $p nodelete true done caveat: This mitigation does not protect against attacker from corrupting snapshot images
upstream fix: http://tracker.ceph.com/issues/24838 https://github.com/ceph/ceph/commit/975528f632f73fbffa3f1fee304e3bbe3296cffc
Created ceph tracking bugs for this issue: Affects: fedora-all [bug 1599407]
This issue has been addressed in the following products: Red Hat Ceph Storage 3.0 for Ubuntu 16.04 Via RHSA-2018:2177 https://access.redhat.com/errata/RHSA-2018:2177
This issue has been addressed in the following products: Red Hat Ceph Storage 3 for Red Hat Enterprise Linux 7 Via RHSA-2018:2179 https://access.redhat.com/errata/RHSA-2018:2179
This issue has been addressed in the following products: Red Hat Ceph Storage 2 for Ubuntu 16.04 Via RHSA-2018:2274 https://access.redhat.com/errata/RHSA-2018:2274
This issue has been addressed in the following products: Red Hat Ceph Storage 2 for Red Hat Enterprise Linux 7 Via RHSA-2018:2261 https://access.redhat.com/errata/RHSA-2018:2261
Fixed upstream in versions: 10.2.11, 12.2.6, and 13.2.1 https://docs.ceph.com/en/latest/releases/jewel/#v10-2-11-jewel https://docs.ceph.com/en/latest/releases/luminous/#v12-2-6-luminous https://docs.ceph.com/en/latest/releases/mimic/#v13-2-1-mimic