Detections
Analytics
RHEL 7 : Red Hat Ceph Storage 3.3 (RHSA-2019:2538)
high Nessus Plugin ID 128106
Language:
Synopsis
The remote Red Hat host is missing one or more security updates.Description
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2538 advisory.Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services.
Security Fix(es):
* ceph: ListBucket max-keys has no defined limit in the RGW codebase (CVE-2018-16846)
* ceph: debug logging for v4 auth does not sanitize encryption keys (CVE-2018-16889)
* ceph: authenticated user with read only permissions can steal dm-crypt / LUKS key (CVE-2018-14662)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es) and Enhancement(s):
For detailed information on changes in this release, see the Red Hat Ceph Storage 3.3 Release Notes available at:
https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/3.3/html/release_notes/index
Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.See Also
http://www.nessus.org/u?44063626
http://www.nessus.org/u?6a171f27
https://access.redhat.com/errata/RHSA-2019:2538
https://access.redhat.com/security/updates/classification/#moderate
https://bugzilla.redhat.com/show_bug.cgi?id=1337915
https://bugzilla.redhat.com/show_bug.cgi?id=1572933
https://bugzilla.redhat.com/show_bug.cgi?id=1599852
https://bugzilla.redhat.com/show_bug.cgi?id=1627567
https://bugzilla.redhat.com/show_bug.cgi?id=1628309
https://bugzilla.redhat.com/show_bug.cgi?id=1628311
https://bugzilla.redhat.com/show_bug.cgi?id=1631010
https://bugzilla.redhat.com/show_bug.cgi?id=1636136
https://bugzilla.redhat.com/show_bug.cgi?id=1637327
https://bugzilla.redhat.com/show_bug.cgi?id=1639712
https://bugzilla.redhat.com/show_bug.cgi?id=1644321
https://bugzilla.redhat.com/show_bug.cgi?id=1644461
https://bugzilla.redhat.com/show_bug.cgi?id=1644610
https://bugzilla.redhat.com/show_bug.cgi?id=1644847
https://bugzilla.redhat.com/show_bug.cgi?id=1651054
https://bugzilla.redhat.com/show_bug.cgi?id=1656908
https://bugzilla.redhat.com/show_bug.cgi?id=1659611
https://bugzilla.redhat.com/show_bug.cgi?id=1661504
https://bugzilla.redhat.com/show_bug.cgi?id=1665334
https://bugzilla.redhat.com/show_bug.cgi?id=1666822
https://bugzilla.redhat.com/show_bug.cgi?id=1668478
https://bugzilla.redhat.com/show_bug.cgi?id=1668896
https://bugzilla.redhat.com/show_bug.cgi?id=1668897
https://bugzilla.redhat.com/show_bug.cgi?id=1669838
https://bugzilla.redhat.com/show_bug.cgi?id=1670527
https://bugzilla.redhat.com/show_bug.cgi?id=1670785
https://bugzilla.redhat.com/show_bug.cgi?id=1677269
https://bugzilla.redhat.com/show_bug.cgi?id=1680144
https://bugzilla.redhat.com/show_bug.cgi?id=1680155
https://bugzilla.redhat.com/show_bug.cgi?id=1685253
https://bugzilla.redhat.com/show_bug.cgi?id=1685734
https://bugzilla.redhat.com/show_bug.cgi?id=1686306
https://bugzilla.redhat.com/show_bug.cgi?id=1695850
https://bugzilla.redhat.com/show_bug.cgi?id=1696227
https://bugzilla.redhat.com/show_bug.cgi?id=1696691
https://bugzilla.redhat.com/show_bug.cgi?id=1696880
https://bugzilla.redhat.com/show_bug.cgi?id=1700896
https://bugzilla.redhat.com/show_bug.cgi?id=1701029
https://bugzilla.redhat.com/show_bug.cgi?id=1702091
https://bugzilla.redhat.com/show_bug.cgi?id=1702092
https://bugzilla.redhat.com/show_bug.cgi?id=1702093
https://bugzilla.redhat.com/show_bug.cgi?id=1702097
https://bugzilla.redhat.com/show_bug.cgi?id=1702099
https://bugzilla.redhat.com/show_bug.cgi?id=1702100
https://bugzilla.redhat.com/show_bug.cgi?id=1702732
https://bugzilla.redhat.com/show_bug.cgi?id=1703557
https://bugzilla.redhat.com/show_bug.cgi?id=1704948
https://bugzilla.redhat.com/show_bug.cgi?id=1705258
https://bugzilla.redhat.com/show_bug.cgi?id=1705922
https://bugzilla.redhat.com/show_bug.cgi?id=1708346
https://bugzilla.redhat.com/show_bug.cgi?id=1708650
https://bugzilla.redhat.com/show_bug.cgi?id=1708798
https://bugzilla.redhat.com/show_bug.cgi?id=1709765
https://bugzilla.redhat.com/show_bug.cgi?id=1710855
https://bugzilla.redhat.com/show_bug.cgi?id=1713779
https://bugzilla.redhat.com/show_bug.cgi?id=1714810
https://bugzilla.redhat.com/show_bug.cgi?id=1714814
https://bugzilla.redhat.com/show_bug.cgi?id=1715577
https://bugzilla.redhat.com/show_bug.cgi?id=1715946
https://bugzilla.redhat.com/show_bug.cgi?id=1717135
https://bugzilla.redhat.com/show_bug.cgi?id=1718135
https://bugzilla.redhat.com/show_bug.cgi?id=1718328
https://bugzilla.redhat.com/show_bug.cgi?id=1719023
https://bugzilla.redhat.com/show_bug.cgi?id=1720205
https://bugzilla.redhat.com/show_bug.cgi?id=1720741
https://bugzilla.redhat.com/show_bug.cgi?id=1721165
https://bugzilla.redhat.com/show_bug.cgi?id=1722663
https://bugzilla.redhat.com/show_bug.cgi?id=1722664
https://bugzilla.redhat.com/show_bug.cgi?id=1725521
https://bugzilla.redhat.com/show_bug.cgi?id=1725536
https://bugzilla.redhat.com/show_bug.cgi?id=1732142
https://bugzilla.redhat.com/show_bug.cgi?id=1732706
Plugin Details
Severity: High
ID: 128106
File Name: redhat-RHSA-2019-2538.nasl
Version: 1.9
Type: local
Agent: unix
Family: Red Hat Local Security Checks
Published: 8/23/2019
Updated: 11/6/2024
Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.4
Vendor
Vendor Severity: Moderate
CVSS v2
Risk Factor: Medium
Base Score: 5
Temporal Score: 3.9
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS Score Source: CVE-2018-16889
CVSS v3
Risk Factor: High
Base Score: 7.5
Temporal Score: 6.7
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:redhat:enterprise_linux:python-crypto, p-cpe:/a:redhat:enterprise_linux:librgw2, p-cpe:/a:redhat:enterprise_linux:nfs-ganesha-ceph, p-cpe:/a:redhat:enterprise_linux:libradosstriper1, p-cpe:/a:redhat:enterprise_linux:ceph-osd, p-cpe:/a:redhat:enterprise_linux:ceph-iscsi-config, p-cpe:/a:redhat:enterprise_linux:ceph-mgr, p-cpe:/a:redhat:enterprise_linux:librgw-devel, p-cpe:/a:redhat:enterprise_linux:nfs-ganesha-rgw, p-cpe:/a:redhat:enterprise_linux:librados-devel, p-cpe:/a:redhat:enterprise_linux:libntirpc, p-cpe:/a:redhat:enterprise_linux:ceph-test, p-cpe:/a:redhat:enterprise_linux:librbd-devel, p-cpe:/a:redhat:enterprise_linux:python-rgw, p-cpe:/a:redhat:enterprise_linux:python-rbd, p-cpe:/a:redhat:enterprise_linux:ceph-common, p-cpe:/a:redhat:enterprise_linux:ceph-mds, p-cpe:/a:redhat:enterprise_linux:ceph-ansible, p-cpe:/a:redhat:enterprise_linux:ceph-radosgw, p-cpe:/a:redhat:enterprise_linux:cephmetrics, p-cpe:/a:redhat:enterprise_linux:librados2, p-cpe:/a:redhat:enterprise_linux:libcephfs2, p-cpe:/a:redhat:enterprise_linux:ceph, p-cpe:/a:redhat:enterprise_linux:python-cephfs, p-cpe:/a:redhat:enterprise_linux:librbd1, p-cpe:/a:redhat:enterprise_linux:ceph-base, p-cpe:/a:redhat:enterprise_linux:ceph-fuse, p-cpe:/a:redhat:enterprise_linux:rbd-mirror, p-cpe:/a:redhat:enterprise_linux:nfs-ganesha, p-cpe:/a:redhat:enterprise_linux:python-rados, p-cpe:/a:redhat:enterprise_linux:python2-crypto, cpe:/o:redhat:enterprise_linux:7, p-cpe:/a:redhat:enterprise_linux:ceph-selinux, p-cpe:/a:redhat:enterprise_linux:ceph-mon, p-cpe:/a:redhat:enterprise_linux:libcephfs-devel, p-cpe:/a:redhat:enterprise_linux:cephmetrics-ansible
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 8/21/2019
Vulnerability Publication Date: 1/15/2019