Bug 1791691 (CVE-2020-1700) - CVE-2020-1700 ceph: connection leak in the RGW Beast front-end permits a DoS against the RGW server
Summary: CVE-2020-1700 ceph: connection leak in the RGW Beast front-end permits a DoS ...
Keywords:
Status: NEW
Alias: CVE-2020-1700
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 1793038 1794358 1796995
Blocks: 1791692
TreeView+ depends on / blocked
 
Reported: 2020-01-16 11:37 UTC by Marian Rehak
Modified: 2023-08-03 08:30 UTC (History)
21 users (show)

Fixed In Version: ceph 14.2.4-125.el8cp, ceph 14.2.4-51.el7cp
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects. An authenticated attacker can abuse this flaw by making multiple disconnect attempts resulting in a permanent leak of a socket connection by radosgw. This flaw could lead to a denial of service condition by pile up of CLOSE_WAIT sockets, eventually leading to the exhaustion of available resources, preventing legitimate users from connecting to the system.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description Marian Rehak 2020-01-16 11:37:53 UTC 
An unexpected disconnect during processing of some ops with Beast front-end configured (the default in rhcs-4.0) can lead to permanent leak of a socket connection by radosgw.
Comment 1 Hardik Vyas 2020-01-17 07:56:26 UTC 
Mitigation:

If Beast front end is in use, switch to CivetWeb to mitigate the issue. The following is an example of the /etc/ceph/ceph.conf file:

<snip>
...
[client.rgw.node1]
rgw frontends = civetweb
...
</snip>
Comment 5 Hardik Vyas 2020-01-17 15:19:49 UTC 
Acknowledgments:

Name: Or Friedman (Red Hat)
Comment 10 Hardik Vyas 2020-01-31 17:26:14 UTC 
Pull Request: https://github.com/ceph/ceph/pull/33017
Patch: https://github.com/ceph/ceph/commit/ff72c50a2c43c57aead933eb4903ad1ca6d1748a
Comment 11 Hardik Vyas 2020-01-31 17:27:32 UTC 
Created ceph tracking bugs for this issue:

Affects: fedora-all [bug 1796995]
Comment 14 Anten Skrabec 2020-02-04 20:25:05 UTC 
Removing affected from Openstack platform as versions shipped by ceph repositories are not affected.
Comment 16 Riccardo Schirone 2020-03-09 09:54:26 UTC 
Statement:

* Red Hat Ceph Storage 3 is not affected by this flaw, as beast is unsupported in the product.
* Red Hat Ceph Storage 4 is not affected by this flaw, as it is shipping patched version of ceph.
* Red Hat Openshift Container Storage 4.2 is affected by this flaw, as it is using the affected version of ceph.
* Red Hat OpenStack Platform 13 included some Ceph components at release for in order to support ppc64le. The version provided in the OpenStack repositories is outdated and customers are expected to be using versions provided in Ceph repositories now. Red Hat OpenStack Platform 13 operators should verify they are using Ceph repositories which are up to date and unaffected by this vulnerability.
* Red Hat Enterprise Linux 7 is not affected by this flaw, as it ships an old version of the code which does not include the vulnerable code.
* Red Hat Enterprise Linux 8 is not affected by this flaw, as only libcephfs-devel component is shipped and it does include the vulnerable code.
Note You need to log in before you can comment on or make changes to this bug.