Debian DLA-2735-1 : ceph - LTS security update

medium Nessus Plugin ID 152519

Synopsis

The remote Debian host is missing one or more security-related updates.

Description

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2735 advisory.

- It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption. (CVE-2018-14662)

- It was found in Ceph versions before 13.2.4 that authenticated ceph RGW users can cause a denial of service against OMAPs holding bucket indices. (CVE-2018-16846)

- A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. Ceph versions 3.x and 4.x are vulnerable to this issue. (CVE-2020-10753)

- A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3. This flaw could lead to potential XSS attacks due to the lack of proper neutralization of untrusted input. (CVE-2020-1760)

- A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions before 14.2.21. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. In addition, the prior bug fix for CVE-2020-10753 did not account for the use of \r as a header separator, thus a new flaw has been created. (CVE-2021-3524)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade the ceph packages.

For Debian 9 stretch, these problems have been fixed in version 10.2.11-2+deb9u1.

See Also

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921948

https://security-tracker.debian.org/tracker/source-package/ceph

https://www.debian.org/lts/security/2021/dla-2735

https://security-tracker.debian.org/tracker/CVE-2018-14662

https://security-tracker.debian.org/tracker/CVE-2018-16846

https://security-tracker.debian.org/tracker/CVE-2020-10753

https://security-tracker.debian.org/tracker/CVE-2020-1760

https://security-tracker.debian.org/tracker/CVE-2021-3524

https://packages.debian.org/source/stretch/ceph

Plugin Details

Severity: Medium

ID: 152519

File Name: debian_DLA-2735.nasl

Version: 1.2

Type: local

Agent: unix

Published: 8/12/2021

Updated: 8/12/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS Score Source: CVE-2021-3524

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:libcephfs1, p-cpe:/a:debian:debian_linux:ceph-mds, p-cpe:/a:debian:debian_linux:ceph-mon, p-cpe:/a:debian:debian_linux:libcephfs-jni, p-cpe:/a:debian:debian_linux:librados2, p-cpe:/a:debian:debian_linux:rbd-nbd, cpe:/o:debian:debian_linux:9.0, p-cpe:/a:debian:debian_linux:librgw-dev, p-cpe:/a:debian:debian_linux:python-cephfs, p-cpe:/a:debian:debian_linux:rbd-fuse, p-cpe:/a:debian:debian_linux:ceph-osd, p-cpe:/a:debian:debian_linux:librbd-dev, p-cpe:/a:debian:debian_linux:python-ceph, p-cpe:/a:debian:debian_linux:ceph-fs-common, p-cpe:/a:debian:debian_linux:python-rados, p-cpe:/a:debian:debian_linux:libradosstriper-dev, p-cpe:/a:debian:debian_linux:ceph-base, p-cpe:/a:debian:debian_linux:libcephfs-dev, p-cpe:/a:debian:debian_linux:librados-dev, p-cpe:/a:debian:debian_linux:python-rbd, p-cpe:/a:debian:debian_linux:librbd1, p-cpe:/a:debian:debian_linux:radosgw, p-cpe:/a:debian:debian_linux:libradosstriper1, p-cpe:/a:debian:debian_linux:ceph-common, p-cpe:/a:debian:debian_linux:ceph-resource-agents, p-cpe:/a:debian:debian_linux:librgw2, p-cpe:/a:debian:debian_linux:ceph-fuse, p-cpe:/a:debian:debian_linux:ceph, p-cpe:/a:debian:debian_linux:libcephfs-java, p-cpe:/a:debian:debian_linux:rbd-mirror, p-cpe:/a:debian:debian_linux:ceph-test

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Ease: No known exploits are available

Patch Publication Date: 8/11/2021

Vulnerability Publication Date: 1/15/2019

Reference Information

CVE: CVE-2018-14662, CVE-2018-16846, CVE-2020-10753, CVE-2020-1760, CVE-2021-3524