RHEL 7 : Red Hat Ceph Storage (RHSA-2016:2815)

medium Nessus Plugin ID 110330

Synopsis

The remote Red Hat host is missing a security update.

Description

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2016:2815 advisory.

Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services.

The following packages have been upgraded to a newer upstream version: ceph (10.2.3), ceph-deploy (1.5.36), calamari-server (1.4.9), nfs-ganesha (2.4.0), ceph-iscsi-config (1.5), libntirpc (1.4.1), ceph- iscsi-tools (1.1). (BZ#1340004, BZ#1349999)

Security Fix(es):

* A flaw was found in the way Ceph Object Gateway handles POST object requests. An authenticated attacker could launch a denial of service attack by sending null or specially crafted POST object requests.
(CVE-2016-8626)

Bug Fix(es) and Enhancement(s):

For detailed information on changes in this release, see the Red Hat Ceph Storage 2.1 Release Notes available at:

https://access.redhat.com/documentation/en/red-hat-ceph-storage/2.1/single/release-notes/

All users of Red Hat Ceph Storage are advised to upgrade to these updated packages.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.redhat.com/show_bug.cgi?id=1347174

https://bugzilla.redhat.com/show_bug.cgi?id=1347205

https://bugzilla.redhat.com/show_bug.cgi?id=1347664

https://bugzilla.redhat.com/show_bug.cgi?id=1348928

https://bugzilla.redhat.com/show_bug.cgi?id=1348940

https://bugzilla.redhat.com/show_bug.cgi?id=1349116

https://bugzilla.redhat.com/show_bug.cgi?id=1349332

https://bugzilla.redhat.com/show_bug.cgi?id=1349955

https://bugzilla.redhat.com/show_bug.cgi?id=1349999

https://bugzilla.redhat.com/show_bug.cgi?id=1350522

https://bugzilla.redhat.com/show_bug.cgi?id=1351484

https://bugzilla.redhat.com/show_bug.cgi?id=1352888

https://bugzilla.redhat.com/show_bug.cgi?id=1354459

https://bugzilla.redhat.com/show_bug.cgi?id=1356931

https://bugzilla.redhat.com/show_bug.cgi?id=1358024

https://bugzilla.redhat.com/show_bug.cgi?id=1359712

https://bugzilla.redhat.com/show_bug.cgi?id=1360849

https://bugzilla.redhat.com/show_bug.cgi?id=1364352

https://bugzilla.redhat.com/show_bug.cgi?id=1364353

https://bugzilla.redhat.com/show_bug.cgi?id=1365648

https://bugzilla.redhat.com/show_bug.cgi?id=1367182

https://bugzilla.redhat.com/show_bug.cgi?id=1367442

https://bugzilla.redhat.com/show_bug.cgi?id=1372346

https://bugzilla.redhat.com/show_bug.cgi?id=1374224

https://bugzilla.redhat.com/show_bug.cgi?id=1377774

http://www.nessus.org/u?40581b09

https://access.redhat.com/errata/RHSA-2016:2815

https://access.redhat.com/security/updates/classification/#moderate

https://bugzilla.redhat.com/show_bug.cgi?id=1241725

https://bugzilla.redhat.com/show_bug.cgi?id=1265792

https://bugzilla.redhat.com/show_bug.cgi?id=1300855

https://bugzilla.redhat.com/show_bug.cgi?id=1314582

https://bugzilla.redhat.com/show_bug.cgi?id=1314584

https://bugzilla.redhat.com/show_bug.cgi?id=1318409

https://bugzilla.redhat.com/show_bug.cgi?id=1326740

https://bugzilla.redhat.com/show_bug.cgi?id=1331770

https://bugzilla.redhat.com/show_bug.cgi?id=1332513

https://bugzilla.redhat.com/show_bug.cgi?id=1333398

https://bugzilla.redhat.com/show_bug.cgi?id=1339256

https://bugzilla.redhat.com/show_bug.cgi?id=1340004

https://bugzilla.redhat.com/show_bug.cgi?id=1340772

https://bugzilla.redhat.com/show_bug.cgi?id=1346946

https://bugzilla.redhat.com/show_bug.cgi?id=1347137

https://bugzilla.redhat.com/show_bug.cgi?id=1378675

https://bugzilla.redhat.com/show_bug.cgi?id=1379835

https://bugzilla.redhat.com/show_bug.cgi?id=1380601

https://bugzilla.redhat.com/show_bug.cgi?id=1381687

https://bugzilla.redhat.com/show_bug.cgi?id=1381692

https://bugzilla.redhat.com/show_bug.cgi?id=1381694

https://bugzilla.redhat.com/show_bug.cgi?id=1382044

https://bugzilla.redhat.com/show_bug.cgi?id=1383631

https://bugzilla.redhat.com/show_bug.cgi?id=1383728

https://bugzilla.redhat.com/show_bug.cgi?id=1384002

https://bugzilla.redhat.com/show_bug.cgi?id=1384008

https://bugzilla.redhat.com/show_bug.cgi?id=1384230

https://bugzilla.redhat.com/show_bug.cgi?id=1384748

https://bugzilla.redhat.com/show_bug.cgi?id=1385729

https://bugzilla.redhat.com/show_bug.cgi?id=1386910

https://bugzilla.redhat.com/show_bug.cgi?id=1386939

https://bugzilla.redhat.com/show_bug.cgi?id=1387332

https://bugzilla.redhat.com/show_bug.cgi?id=1389193

https://bugzilla.redhat.com/show_bug.cgi?id=1393665

Plugin Details

Severity: Medium

ID: 110330

File Name: redhat-RHSA-2016-2815.nasl

Version: 1.9

Type: local

Agent: unix

Published: 6/6/2018

Updated: 3/20/2025

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

Vendor

Vendor Severity: Moderate

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C

CVSS Score Source: CVE-2016-8626

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.7

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:ceph-iscsi-tools, p-cpe:/a:redhat:enterprise_linux:librgw2, p-cpe:/a:redhat:enterprise_linux:ceph-osd, p-cpe:/a:redhat:enterprise_linux:ceph-iscsi-config, p-cpe:/a:redhat:enterprise_linux:nfs-ganesha-rgw, p-cpe:/a:redhat:enterprise_linux:libntirpc, p-cpe:/a:redhat:enterprise_linux:ceph-test, p-cpe:/a:redhat:enterprise_linux:librbd1-devel, p-cpe:/a:redhat:enterprise_linux:python-rbd, p-cpe:/a:redhat:enterprise_linux:libcephfs1-devel, p-cpe:/a:redhat:enterprise_linux:ceph-common, p-cpe:/a:redhat:enterprise_linux:ceph-mds, p-cpe:/a:redhat:enterprise_linux:ceph-radosgw, p-cpe:/a:redhat:enterprise_linux:librados2, p-cpe:/a:redhat:enterprise_linux:ceph, p-cpe:/a:redhat:enterprise_linux:librbd1, p-cpe:/a:redhat:enterprise_linux:ceph-base, p-cpe:/a:redhat:enterprise_linux:ceph-fuse, p-cpe:/a:redhat:enterprise_linux:libcephfs1, p-cpe:/a:redhat:enterprise_linux:rbd-mirror, p-cpe:/a:redhat:enterprise_linux:calamari-server, p-cpe:/a:redhat:enterprise_linux:librados2-devel, p-cpe:/a:redhat:enterprise_linux:ceph-deploy, p-cpe:/a:redhat:enterprise_linux:nfs-ganesha, p-cpe:/a:redhat:enterprise_linux:python-rados, cpe:/o:redhat:enterprise_linux:7, p-cpe:/a:redhat:enterprise_linux:ceph-selinux, p-cpe:/a:redhat:enterprise_linux:ceph-mon, p-cpe:/a:redhat:enterprise_linux:python-cephfs, p-cpe:/a:redhat:enterprise_linux:librgw2-devel

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 3/17/2017

Vulnerability Publication Date: 7/31/2018

Reference Information

CVE: CVE-2016-8626

CWE: 476

RHSA: 2016:2815