RHEL 8 / 9 : Red Hat Ceph Storage Security, Bug Fix, and Enhancement Update (Moderate) (RHSA-2022:5997)

critical Nessus Plugin ID 163972

Synopsis

The remote Red Hat host is missing a security update.

Description

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:5997 advisory.

Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services.

The ceph-ansible package provides Ansible playbooks for installing, maintaining, and upgrading Red Hat Ceph Storage.

Perf Tools is a collection of performance analysis tools, including a high-performance multi-threaded malloc() implementation that works particularly well with threads and STL, a thread-friendly heap-checker, a heap profiler, and a cpu-profiler.

The libunwind packages contain a C API to determine the call chain of a program. This API is necessary for compatibility with Google Performance Tools (gperftools).

nfs-ganesha : NFS-GANESHA is a NFS Server running in user space. It comes with various back-end modules (called FSALs) provided as shared objects to support different file systems and name-spaces.

The following packages have been upgraded to a later upstream version: ceph (16.2.8), ceph-ansible (6.0.27.9), cephadm-ansible (1.8.0), gperftools (2.9.1), leveldb (1.23), libunwind (1.5.0), nfs-ganesha (3.5), oath-toolkit (2.6.7). (BZ#1623330, BZ#1942171, BZ#1977888, BZ#1997480, BZ#1997996, BZ#2006214, BZ#2006771, BZ#2013215, BZ#2018906, BZ#2024720, BZ#2028628, BZ#2029307, BZ#2030540, BZ#2039669, BZ#2041563, BZ#2041571, BZ#2042417, BZ#2042602, BZ#2043602, BZ#2047487, BZ#2048681, BZ#2049272, BZ#2053468, BZ#2053591, BZ#2055173, BZ#2057307, BZ#2060278, BZ#2064627, BZ#2077843, BZ#2080242)

Security Fix(es):

* ceph: user/tenant can obtain access (read/write) to any share (CVE-2022-0670)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

This update also fixes several bugs and adds various enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?60c1af05

https://access.redhat.com/security/updates/classification/#moderate

https://access.redhat.com/errata/RHSA-2022:5997

https://bugzilla.redhat.com/show_bug.cgi?id=1623330

https://bugzilla.redhat.com/show_bug.cgi?id=1889976

https://bugzilla.redhat.com/show_bug.cgi?id=1901857

https://bugzilla.redhat.com/show_bug.cgi?id=1910419

https://bugzilla.redhat.com/show_bug.cgi?id=1910503

https://bugzilla.redhat.com/show_bug.cgi?id=1938670

https://bugzilla.redhat.com/show_bug.cgi?id=1939716

https://bugzilla.redhat.com/show_bug.cgi?id=1942171

https://bugzilla.redhat.com/show_bug.cgi?id=1962511

https://bugzilla.redhat.com/show_bug.cgi?id=1962575

https://bugzilla.redhat.com/show_bug.cgi?id=1966180

https://bugzilla.redhat.com/show_bug.cgi?id=1966608

https://bugzilla.redhat.com/show_bug.cgi?id=1967901

https://bugzilla.redhat.com/show_bug.cgi?id=1971694

https://bugzilla.redhat.com/show_bug.cgi?id=1972506

https://bugzilla.redhat.com/show_bug.cgi?id=1976128

https://bugzilla.redhat.com/show_bug.cgi?id=1977888

https://bugzilla.redhat.com/show_bug.cgi?id=1982962

https://bugzilla.redhat.com/show_bug.cgi?id=1988773

https://bugzilla.redhat.com/show_bug.cgi?id=1996667

https://bugzilla.redhat.com/show_bug.cgi?id=1997480

https://bugzilla.redhat.com/show_bug.cgi?id=1997996

https://bugzilla.redhat.com/show_bug.cgi?id=1999710

https://bugzilla.redhat.com/show_bug.cgi?id=2003925

https://bugzilla.redhat.com/show_bug.cgi?id=2004171

https://bugzilla.redhat.com/show_bug.cgi?id=2005960

https://bugzilla.redhat.com/show_bug.cgi?id=2006084

https://bugzilla.redhat.com/show_bug.cgi?id=2006214

https://bugzilla.redhat.com/show_bug.cgi?id=2006771

https://bugzilla.redhat.com/show_bug.cgi?id=2008402

https://bugzilla.redhat.com/show_bug.cgi?id=2009118

https://bugzilla.redhat.com/show_bug.cgi?id=2013085

https://bugzilla.redhat.com/show_bug.cgi?id=2013215

https://bugzilla.redhat.com/show_bug.cgi?id=2015597

https://bugzilla.redhat.com/show_bug.cgi?id=2016936

https://bugzilla.redhat.com/show_bug.cgi?id=2017389

https://bugzilla.redhat.com/show_bug.cgi?id=2018906

https://bugzilla.redhat.com/show_bug.cgi?id=2019909

https://bugzilla.redhat.com/show_bug.cgi?id=2020618

https://bugzilla.redhat.com/show_bug.cgi?id=2024301

https://bugzilla.redhat.com/show_bug.cgi?id=2024720

https://bugzilla.redhat.com/show_bug.cgi?id=2027599

https://bugzilla.redhat.com/show_bug.cgi?id=2028036

https://bugzilla.redhat.com/show_bug.cgi?id=2028628

https://bugzilla.redhat.com/show_bug.cgi?id=2028693

https://bugzilla.redhat.com/show_bug.cgi?id=2028879

https://bugzilla.redhat.com/show_bug.cgi?id=2029307

https://bugzilla.redhat.com/show_bug.cgi?id=2030154

https://bugzilla.redhat.com/show_bug.cgi?id=2030540

https://bugzilla.redhat.com/show_bug.cgi?id=2031173

https://bugzilla.redhat.com/show_bug.cgi?id=2034060

https://bugzilla.redhat.com/show_bug.cgi?id=2034309

https://bugzilla.redhat.com/show_bug.cgi?id=2035179

https://bugzilla.redhat.com/show_bug.cgi?id=2035331

https://bugzilla.redhat.com/show_bug.cgi?id=2037752

https://bugzilla.redhat.com/show_bug.cgi?id=2039669

https://bugzilla.redhat.com/show_bug.cgi?id=2039741

https://bugzilla.redhat.com/show_bug.cgi?id=2039816

https://bugzilla.redhat.com/show_bug.cgi?id=2041563

https://bugzilla.redhat.com/show_bug.cgi?id=2041571

https://bugzilla.redhat.com/show_bug.cgi?id=2042320

https://bugzilla.redhat.com/show_bug.cgi?id=2042417

https://bugzilla.redhat.com/show_bug.cgi?id=2042602

https://bugzilla.redhat.com/show_bug.cgi?id=2043366

https://bugzilla.redhat.com/show_bug.cgi?id=2043602

https://bugzilla.redhat.com/show_bug.cgi?id=2047487

https://bugzilla.redhat.com/show_bug.cgi?id=2048681

https://bugzilla.redhat.com/show_bug.cgi?id=2049272

https://bugzilla.redhat.com/show_bug.cgi?id=2050728

https://bugzilla.redhat.com/show_bug.cgi?id=2051640

https://bugzilla.redhat.com/show_bug.cgi?id=2052936

https://bugzilla.redhat.com/show_bug.cgi?id=2053468

https://bugzilla.redhat.com/show_bug.cgi?id=2053470

https://bugzilla.redhat.com/show_bug.cgi?id=2053591

https://bugzilla.redhat.com/show_bug.cgi?id=2053706

https://bugzilla.redhat.com/show_bug.cgi?id=2053709

https://bugzilla.redhat.com/show_bug.cgi?id=2054967

https://bugzilla.redhat.com/show_bug.cgi?id=2055173

https://bugzilla.redhat.com/show_bug.cgi?id=2057307

https://bugzilla.redhat.com/show_bug.cgi?id=2058038

https://bugzilla.redhat.com/show_bug.cgi?id=2058372

https://bugzilla.redhat.com/show_bug.cgi?id=2058669

https://bugzilla.redhat.com/show_bug.cgi?id=2060278

https://bugzilla.redhat.com/show_bug.cgi?id=2061501

https://bugzilla.redhat.com/show_bug.cgi?id=2064171

https://bugzilla.redhat.com/show_bug.cgi?id=2064627

https://bugzilla.redhat.com/show_bug.cgi?id=2065443

https://bugzilla.redhat.com/show_bug.cgi?id=2067987

https://bugzilla.redhat.com/show_bug.cgi?id=2068039

https://bugzilla.redhat.com/show_bug.cgi?id=2069720

https://bugzilla.redhat.com/show_bug.cgi?id=2071458

https://bugzilla.redhat.com/show_bug.cgi?id=2073209

https://bugzilla.redhat.com/show_bug.cgi?id=2073881

https://bugzilla.redhat.com/show_bug.cgi?id=2074105

https://bugzilla.redhat.com/show_bug.cgi?id=2076850

https://bugzilla.redhat.com/show_bug.cgi?id=2077827

https://bugzilla.redhat.com/show_bug.cgi?id=2077843

https://bugzilla.redhat.com/show_bug.cgi?id=2079089

https://bugzilla.redhat.com/show_bug.cgi?id=2080242

https://bugzilla.redhat.com/show_bug.cgi?id=2080276

https://bugzilla.redhat.com/show_bug.cgi?id=2081596

https://bugzilla.redhat.com/show_bug.cgi?id=2081653

https://bugzilla.redhat.com/show_bug.cgi?id=2081715

https://bugzilla.redhat.com/show_bug.cgi?id=2081929

https://bugzilla.redhat.com/show_bug.cgi?id=2083885

https://bugzilla.redhat.com/show_bug.cgi?id=2086419

https://bugzilla.redhat.com/show_bug.cgi?id=2086438

https://bugzilla.redhat.com/show_bug.cgi?id=2087236

https://bugzilla.redhat.com/show_bug.cgi?id=2087736

https://bugzilla.redhat.com/show_bug.cgi?id=2087986

https://bugzilla.redhat.com/show_bug.cgi?id=2088602

https://bugzilla.redhat.com/show_bug.cgi?id=2088654

https://bugzilla.redhat.com/show_bug.cgi?id=2090357

https://bugzilla.redhat.com/show_bug.cgi?id=2090421

https://bugzilla.redhat.com/show_bug.cgi?id=2090456

https://bugzilla.redhat.com/show_bug.cgi?id=2092089

https://bugzilla.redhat.com/show_bug.cgi?id=2092508

https://bugzilla.redhat.com/show_bug.cgi?id=2092554

https://bugzilla.redhat.com/show_bug.cgi?id=2092834

https://bugzilla.redhat.com/show_bug.cgi?id=2092838

https://bugzilla.redhat.com/show_bug.cgi?id=2092905

https://bugzilla.redhat.com/show_bug.cgi?id=2093017

https://bugzilla.redhat.com/show_bug.cgi?id=2093022

https://bugzilla.redhat.com/show_bug.cgi?id=2093031

https://bugzilla.redhat.com/show_bug.cgi?id=2093065

https://bugzilla.redhat.com/show_bug.cgi?id=2093788

https://bugzilla.redhat.com/show_bug.cgi?id=2094112

https://bugzilla.redhat.com/show_bug.cgi?id=2094416

https://bugzilla.redhat.com/show_bug.cgi?id=2096882

https://bugzilla.redhat.com/show_bug.cgi?id=2096959

https://bugzilla.redhat.com/show_bug.cgi?id=2097487

https://bugzilla.redhat.com/show_bug.cgi?id=2098105

https://bugzilla.redhat.com/show_bug.cgi?id=2099348

https://bugzilla.redhat.com/show_bug.cgi?id=2099374

https://bugzilla.redhat.com/show_bug.cgi?id=2099828

https://bugzilla.redhat.com/show_bug.cgi?id=2099992

https://bugzilla.redhat.com/show_bug.cgi?id=2100503

https://bugzilla.redhat.com/show_bug.cgi?id=2100915

https://bugzilla.redhat.com/show_bug.cgi?id=2100967

https://bugzilla.redhat.com/show_bug.cgi?id=2102227

https://bugzilla.redhat.com/show_bug.cgi?id=2102365

https://bugzilla.redhat.com/show_bug.cgi?id=2103673

https://bugzilla.redhat.com/show_bug.cgi?id=2103686

https://bugzilla.redhat.com/show_bug.cgi?id=2104780

https://bugzilla.redhat.com/show_bug.cgi?id=2105454

https://bugzilla.redhat.com/show_bug.cgi?id=2105881

https://bugzilla.redhat.com/show_bug.cgi?id=2107441

https://bugzilla.redhat.com/show_bug.cgi?id=2108656

https://bugzilla.redhat.com/show_bug.cgi?id=2109151

https://bugzilla.redhat.com/show_bug.cgi?id=2109703

https://bugzilla.redhat.com/show_bug.cgi?id=2110913

https://bugzilla.redhat.com/show_bug.cgi?id=2112101

Plugin Details

Severity: Critical

ID: 163972

File Name: redhat-RHSA-2022-5997.nasl

Version: 1.11

Type: local

Agent: unix

Published: 8/10/2022

Updated: 11/7/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.2

Vendor

Vendor Severity: Moderate

CVSS v2

Risk Factor: High

Base Score: 9.4

Temporal Score: 7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N

CVSS Score Source: CVE-2022-0670

CVSS v3

Risk Factor: Critical

Base Score: 9.1

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:ceph-mib, p-cpe:/a:redhat:enterprise_linux:python3-ceph-argparse, p-cpe:/a:redhat:enterprise_linux:librgw2, p-cpe:/a:redhat:enterprise_linux:ceph-mgr-diskprediction-local, p-cpe:/a:redhat:enterprise_linux:cephfs-mirror, p-cpe:/a:redhat:enterprise_linux:libradospp-devel, p-cpe:/a:redhat:enterprise_linux:python3-ceph-common, p-cpe:/a:redhat:enterprise_linux:libradosstriper1, p-cpe:/a:redhat:enterprise_linux:ceph-osd, p-cpe:/a:redhat:enterprise_linux:ceph-mgr, p-cpe:/a:redhat:enterprise_linux:ceph-grafana-dashboards, p-cpe:/a:redhat:enterprise_linux:librgw-devel, p-cpe:/a:redhat:enterprise_linux:ceph-mgr-k8sevents, p-cpe:/a:redhat:enterprise_linux:cephadm, p-cpe:/a:redhat:enterprise_linux:librados-devel, p-cpe:/a:redhat:enterprise_linux:librbd-devel, cpe:/o:redhat:enterprise_linux:9, p-cpe:/a:redhat:enterprise_linux:ceph-test, p-cpe:/a:redhat:enterprise_linux:python3-cephfs, p-cpe:/a:redhat:enterprise_linux:ceph-common, p-cpe:/a:redhat:enterprise_linux:ceph-prometheus-alerts, p-cpe:/a:redhat:enterprise_linux:ceph-mds, p-cpe:/a:redhat:enterprise_linux:ceph-resource-agents, p-cpe:/a:redhat:enterprise_linux:cephfs-top, p-cpe:/a:redhat:enterprise_linux:ceph-mgr-dashboard, cpe:/o:redhat:enterprise_linux:8, p-cpe:/a:redhat:enterprise_linux:ceph-radosgw, p-cpe:/a:redhat:enterprise_linux:ceph-mgr-rook, p-cpe:/a:redhat:enterprise_linux:librados2, p-cpe:/a:redhat:enterprise_linux:libcephfs2, p-cpe:/a:redhat:enterprise_linux:ceph, p-cpe:/a:redhat:enterprise_linux:ceph-mgr-modules-core, p-cpe:/a:redhat:enterprise_linux:python3-rados, p-cpe:/a:redhat:enterprise_linux:rbd-nbd, p-cpe:/a:redhat:enterprise_linux:librbd1, p-cpe:/a:redhat:enterprise_linux:ceph-mgr-cephadm, p-cpe:/a:redhat:enterprise_linux:ceph-base, p-cpe:/a:redhat:enterprise_linux:ceph-fuse, p-cpe:/a:redhat:enterprise_linux:rbd-mirror, p-cpe:/a:redhat:enterprise_linux:libcephsqlite, p-cpe:/a:redhat:enterprise_linux:ceph-immutable-object-cache, p-cpe:/a:redhat:enterprise_linux:python3-rbd, p-cpe:/a:redhat:enterprise_linux:ceph-selinux, p-cpe:/a:redhat:enterprise_linux:ceph-mon, p-cpe:/a:redhat:enterprise_linux:python3-rgw, p-cpe:/a:redhat:enterprise_linux:libcephfs-devel

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 8/9/2022

Vulnerability Publication Date: 7/25/2022

Reference Information

CVE: CVE-2022-0670

CWE: 863

RHSA: 2022:5997