Detections
Analytics
RHEL 7 / 8 : Red Hat Ceph Storage 4.2 Security and Bug Fix Update (Important) (RHSA-2021:2445)
high Nessus Plugin ID 150821
Language:
Synopsis
The remote Red Hat host is missing one or more security updates.Description
The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2445 advisory.Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services.
The ceph-ansible package provides Ansible playbooks for installing, maintaining, and upgrading Red Hat Ceph Storage.
The tcmu-runner packages provide a service that handles the complexity of the LIO kernel target's userspace passthrough interface (TCMU). It presents a C plugin API for extension modules that handle SCSI requests in ways not possible or suitable to be handled by LIO's in-kernel backstores.
Security Fix(es):
* ceph: Unauthorized global_id reuse in cephx (CVE-2021-20288)
* ceph-dashboard: Don't use Browser's LocalStorage for storing JWT but Secure Cookies with proper HTTP Headers (CVE-2020-27839)
* ceph-dashboard: Cross-site scripting via token Cookie (CVE-2021-3509)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
These updated packages include numerous bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Ceph Storage 4.2 Release Notes for information on the most significant of these changes:
https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/4.2/html/release_notes/index
All users of Red Hat Ceph Storage are advised to upgrade to these updated packages, which provide numerous bug fixes.
Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.See Also
http://www.nessus.org/u?cd856fc8
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/errata/RHSA-2021:2445
https://bugzilla.redhat.com/show_bug.cgi?id=1766702
https://bugzilla.redhat.com/show_bug.cgi?id=1775096
https://bugzilla.redhat.com/show_bug.cgi?id=1826224
https://bugzilla.redhat.com/show_bug.cgi?id=1859181
https://bugzilla.redhat.com/show_bug.cgi?id=1878771
https://bugzilla.redhat.com/show_bug.cgi?id=1882086
https://bugzilla.redhat.com/show_bug.cgi?id=1882087
https://bugzilla.redhat.com/show_bug.cgi?id=1882089
https://bugzilla.redhat.com/show_bug.cgi?id=1882091
https://bugzilla.redhat.com/show_bug.cgi?id=1884463
https://bugzilla.redhat.com/show_bug.cgi?id=1892406
https://bugzilla.redhat.com/show_bug.cgi?id=1892408
https://bugzilla.redhat.com/show_bug.cgi?id=1896040
https://bugzilla.redhat.com/show_bug.cgi?id=1896461
https://bugzilla.redhat.com/show_bug.cgi?id=1896464
https://bugzilla.redhat.com/show_bug.cgi?id=1896465
https://bugzilla.redhat.com/show_bug.cgi?id=1900111
https://bugzilla.redhat.com/show_bug.cgi?id=1901330
https://bugzilla.redhat.com/show_bug.cgi?id=1902752
https://bugzilla.redhat.com/show_bug.cgi?id=1902753
https://bugzilla.redhat.com/show_bug.cgi?id=1903504
https://bugzilla.redhat.com/show_bug.cgi?id=1905431
https://bugzilla.redhat.com/show_bug.cgi?id=1906262
https://bugzilla.redhat.com/show_bug.cgi?id=1906305
https://bugzilla.redhat.com/show_bug.cgi?id=1906447
https://bugzilla.redhat.com/show_bug.cgi?id=1906627
https://bugzilla.redhat.com/show_bug.cgi?id=1909011
https://bugzilla.redhat.com/show_bug.cgi?id=1909760
https://bugzilla.redhat.com/show_bug.cgi?id=1909762
https://bugzilla.redhat.com/show_bug.cgi?id=1910151
https://bugzilla.redhat.com/show_bug.cgi?id=1917680
https://bugzilla.redhat.com/show_bug.cgi?id=1918650
https://bugzilla.redhat.com/show_bug.cgi?id=1919084
https://bugzilla.redhat.com/show_bug.cgi?id=1919471
https://bugzilla.redhat.com/show_bug.cgi?id=1920900
https://bugzilla.redhat.com/show_bug.cgi?id=1921798
https://bugzilla.redhat.com/show_bug.cgi?id=1922926
https://bugzilla.redhat.com/show_bug.cgi?id=1925503
https://bugzilla.redhat.com/show_bug.cgi?id=1925506
https://bugzilla.redhat.com/show_bug.cgi?id=1925646
https://bugzilla.redhat.com/show_bug.cgi?id=1926170
https://bugzilla.redhat.com/show_bug.cgi?id=1927869
https://bugzilla.redhat.com/show_bug.cgi?id=1928000
https://bugzilla.redhat.com/show_bug.cgi?id=1928785
https://bugzilla.redhat.com/show_bug.cgi?id=1930180
https://bugzilla.redhat.com/show_bug.cgi?id=1930264
https://bugzilla.redhat.com/show_bug.cgi?id=1933721
https://bugzilla.redhat.com/show_bug.cgi?id=1934092
https://bugzilla.redhat.com/show_bug.cgi?id=1935406
https://bugzilla.redhat.com/show_bug.cgi?id=1938031
https://bugzilla.redhat.com/show_bug.cgi?id=1941678
https://bugzilla.redhat.com/show_bug.cgi?id=1942444
https://bugzilla.redhat.com/show_bug.cgi?id=1943391
https://bugzilla.redhat.com/show_bug.cgi?id=1944996
https://bugzilla.redhat.com/show_bug.cgi?id=1944999
https://bugzilla.redhat.com/show_bug.cgi?id=1945920
https://bugzilla.redhat.com/show_bug.cgi?id=1946263
https://bugzilla.redhat.com/show_bug.cgi?id=1946536
https://bugzilla.redhat.com/show_bug.cgi?id=1946987
https://bugzilla.redhat.com/show_bug.cgi?id=1947215
https://bugzilla.redhat.com/show_bug.cgi?id=1947673
https://bugzilla.redhat.com/show_bug.cgi?id=1947695
https://bugzilla.redhat.com/show_bug.cgi?id=1949391
https://bugzilla.redhat.com/show_bug.cgi?id=1949489
https://bugzilla.redhat.com/show_bug.cgi?id=1949490
https://bugzilla.redhat.com/show_bug.cgi?id=1950116
https://bugzilla.redhat.com/show_bug.cgi?id=1951386
https://bugzilla.redhat.com/show_bug.cgi?id=1952011
https://bugzilla.redhat.com/show_bug.cgi?id=1952466
https://bugzilla.redhat.com/show_bug.cgi?id=1952570
https://bugzilla.redhat.com/show_bug.cgi?id=1954748
https://bugzilla.redhat.com/show_bug.cgi?id=1954789
https://bugzilla.redhat.com/show_bug.cgi?id=1954819
https://bugzilla.redhat.com/show_bug.cgi?id=1955218
https://bugzilla.redhat.com/show_bug.cgi?id=1955782
https://bugzilla.redhat.com/show_bug.cgi?id=1958362
https://bugzilla.redhat.com/show_bug.cgi?id=1959254
https://bugzilla.redhat.com/show_bug.cgi?id=1959452
https://bugzilla.redhat.com/show_bug.cgi?id=1962077
https://bugzilla.redhat.com/show_bug.cgi?id=1963066
https://bugzilla.redhat.com/show_bug.cgi?id=1963914
https://bugzilla.redhat.com/show_bug.cgi?id=1963962
https://bugzilla.redhat.com/show_bug.cgi?id=1964144
https://bugzilla.redhat.com/show_bug.cgi?id=1964481
https://bugzilla.redhat.com/show_bug.cgi?id=1964835
https://bugzilla.redhat.com/show_bug.cgi?id=1964907
https://bugzilla.redhat.com/show_bug.cgi?id=1964995
Plugin Details
Severity: High
ID: 150821
File Name: redhat-RHSA-2021-2445.nasl
Version: 1.11
Type: local
Agent: unix
Family: Red Hat Local Security Checks
Published: 6/16/2021
Updated: 11/7/2024
Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
Vendor
Vendor Severity: Important
CVSS v2
Risk Factor: Medium
Base Score: 6.5
Temporal Score: 5.1
Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSS Score Source: CVE-2021-20288
CVSS v3
Risk Factor: High
Base Score: 7.2
Temporal Score: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:redhat:enterprise_linux:python3-ceph-argparse, p-cpe:/a:redhat:enterprise_linux:librgw2, p-cpe:/a:redhat:enterprise_linux:ceph-mgr-diskprediction-local, p-cpe:/a:redhat:enterprise_linux:libradospp-devel, p-cpe:/a:redhat:enterprise_linux:libradosstriper1, p-cpe:/a:redhat:enterprise_linux:ceph-osd, p-cpe:/a:redhat:enterprise_linux:ceph-mgr, p-cpe:/a:redhat:enterprise_linux:ceph-grafana-dashboards, p-cpe:/a:redhat:enterprise_linux:librgw-devel, p-cpe:/a:redhat:enterprise_linux:ceph-mgr-k8sevents, p-cpe:/a:redhat:enterprise_linux:librados-devel, p-cpe:/a:redhat:enterprise_linux:librbd-devel, p-cpe:/a:redhat:enterprise_linux:ceph-test, p-cpe:/a:redhat:enterprise_linux:python3-cephfs, p-cpe:/a:redhat:enterprise_linux:python-rgw, p-cpe:/a:redhat:enterprise_linux:python-rbd, p-cpe:/a:redhat:enterprise_linux:ceph-common, p-cpe:/a:redhat:enterprise_linux:ceph-mds, p-cpe:/a:redhat:enterprise_linux:ceph-mgr-dashboard, cpe:/o:redhat:enterprise_linux:8, p-cpe:/a:redhat:enterprise_linux:ceph-radosgw, p-cpe:/a:redhat:enterprise_linux:ceph-mgr-rook, p-cpe:/a:redhat:enterprise_linux:librados2, p-cpe:/a:redhat:enterprise_linux:libcephfs2, p-cpe:/a:redhat:enterprise_linux:ceph, p-cpe:/a:redhat:enterprise_linux:python3-rados, p-cpe:/a:redhat:enterprise_linux:rbd-nbd, p-cpe:/a:redhat:enterprise_linux:librbd1, p-cpe:/a:redhat:enterprise_linux:ceph-base, p-cpe:/a:redhat:enterprise_linux:ceph-fuse, p-cpe:/a:redhat:enterprise_linux:rbd-mirror, p-cpe:/a:redhat:enterprise_linux:python-rados, p-cpe:/a:redhat:enterprise_linux:python3-rbd, cpe:/o:redhat:enterprise_linux:7, p-cpe:/a:redhat:enterprise_linux:ceph-selinux, p-cpe:/a:redhat:enterprise_linux:ceph-mon, p-cpe:/a:redhat:enterprise_linux:python3-rgw, p-cpe:/a:redhat:enterprise_linux:libcephfs-devel, p-cpe:/a:redhat:enterprise_linux:python-cephfs, p-cpe:/a:redhat:enterprise_linux:python-ceph-argparse
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 6/15/2021
Vulnerability Publication Date: 2/25/2021