RHEL 7 / 8 : Red Hat Ceph Storage 4.2 Security and Bug Fix update (Important) (RHSA-2021:0081)

high Nessus Plugin ID 144871

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

The remote Red Hat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0081 advisory.

Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services.

The ceph-ansible package provides Ansible playbooks for installing, maintaining, and upgrading Red Hat Ceph Storage.

This package contains a new implementation of the original libtirpc, transport-independent RPC (TI-RPC) library for NFS-Ganesha.

NFS-GANESHA is an NFS server running in user space. It comes with various back-end modules (called FSALs) provided as shared objects to support different file systems and name-spaces.

Security Fix(es):

* ceph: User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila (CVE-2020-27781)

* ceph: CEPHX_V2 replay attack protection lost (CVE-2020-25660)

* ceph-ansible: insecure ownership on /etc/ceph/iscsi-gateway.conf configuration file (CVE-2020-25677)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

These updated packages include numerous bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Ceph Storage 4.2 Release Notes for information on the most significant of these changes:

https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/4.2/html/release_notes/

All users of Red Hat Ceph Storage are advised to upgrade to these updated packages, which provide numerous bug fixes.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?4b19f7df

https://access.redhat.com/security/updates/classification/#important

https://access.redhat.com/errata/RHSA-2021:0081

Plugin Details

Severity: High

ID: 144871

File Name: redhat-RHSA-2021-0081.nasl

Version: 1.13

Type: local

Agent: unix

Published: 1/12/2021

Updated: 6/4/2024

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 5.8

Temporal Score: 4.3

Vector: CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2020-25660

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:python3-ceph-argparse, p-cpe:/a:redhat:enterprise_linux:librgw2, p-cpe:/a:redhat:enterprise_linux:ceph-mgr-diskprediction-local, p-cpe:/a:redhat:enterprise_linux:libradospp-devel, p-cpe:/a:redhat:enterprise_linux:libradosstriper1, p-cpe:/a:redhat:enterprise_linux:ceph-osd, p-cpe:/a:redhat:enterprise_linux:ceph-mgr, p-cpe:/a:redhat:enterprise_linux:ceph-grafana-dashboards, p-cpe:/a:redhat:enterprise_linux:librgw-devel, p-cpe:/a:redhat:enterprise_linux:ceph-mgr-k8sevents, p-cpe:/a:redhat:enterprise_linux:librados-devel, p-cpe:/a:redhat:enterprise_linux:librbd-devel, p-cpe:/a:redhat:enterprise_linux:ceph-test, p-cpe:/a:redhat:enterprise_linux:python3-cephfs, p-cpe:/a:redhat:enterprise_linux:python-rgw, p-cpe:/a:redhat:enterprise_linux:python-rbd, p-cpe:/a:redhat:enterprise_linux:ceph-common, p-cpe:/a:redhat:enterprise_linux:ceph-mds, p-cpe:/a:redhat:enterprise_linux:ceph-ansible, p-cpe:/a:redhat:enterprise_linux:ceph-mgr-dashboard, cpe:/o:redhat:enterprise_linux:8, p-cpe:/a:redhat:enterprise_linux:ceph-radosgw, p-cpe:/a:redhat:enterprise_linux:ceph-mgr-rook, p-cpe:/a:redhat:enterprise_linux:librados2, p-cpe:/a:redhat:enterprise_linux:libcephfs2, p-cpe:/a:redhat:enterprise_linux:ceph, p-cpe:/a:redhat:enterprise_linux:python3-rados, p-cpe:/a:redhat:enterprise_linux:rbd-nbd, p-cpe:/a:redhat:enterprise_linux:librbd1, p-cpe:/a:redhat:enterprise_linux:ceph-base, p-cpe:/a:redhat:enterprise_linux:ceph-fuse, p-cpe:/a:redhat:enterprise_linux:rbd-mirror, p-cpe:/a:redhat:enterprise_linux:python-rados, p-cpe:/a:redhat:enterprise_linux:python3-rbd, cpe:/o:redhat:enterprise_linux:7, p-cpe:/a:redhat:enterprise_linux:ceph-selinux, p-cpe:/a:redhat:enterprise_linux:ceph-mon, p-cpe:/a:redhat:enterprise_linux:python3-rgw, p-cpe:/a:redhat:enterprise_linux:libcephfs-devel, p-cpe:/a:redhat:enterprise_linux:python-cephfs, p-cpe:/a:redhat:enterprise_linux:python-ceph-argparse

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 1/12/2021

Vulnerability Publication Date: 11/23/2020

Reference Information

CVE: CVE-2020-25660, CVE-2020-25677, CVE-2020-27781

CWE: 294, 312, 522

RHSA: 2021:0081