The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:5997 advisory.

    Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable     version of the Ceph storage system with a Ceph management platform, deployment utilities, and support     services.

    The ceph-ansible package provides Ansible playbooks for installing, maintaining, and upgrading Red Hat     Ceph Storage.

    Perf Tools is a collection of performance analysis tools, including a high-performance multi-threaded     malloc() implementation that works particularly well with threads and STL, a thread-friendly heap-checker,     a heap profiler, and a cpu-profiler.

    The libunwind packages contain a C API to determine the call chain of a program. This API is necessary for     compatibility with Google Performance Tools (gperftools).

    nfs-ganesha : NFS-GANESHA is a NFS Server running in user space. It comes with various back-end modules     (called FSALs) provided as shared objects to support different file systems and name-spaces.

    The following packages have been upgraded to a later upstream version: ceph (16.2.8), ceph-ansible     (6.0.27.9), cephadm-ansible (1.8.0), gperftools (2.9.1), leveldb (1.23), libunwind (1.5.0), nfs-ganesha     (3.5), oath-toolkit (2.6.7). (BZ#1623330, BZ#1942171, BZ#1977888, BZ#1997480, BZ#1997996, BZ#2006214,     BZ#2006771, BZ#2013215, BZ#2018906, BZ#2024720, BZ#2028628, BZ#2029307, BZ#2030540, BZ#2039669,     BZ#2041563, BZ#2041571, BZ#2042417, BZ#2042602, BZ#2043602, BZ#2047487, BZ#2048681, BZ#2049272,     BZ#2053468, BZ#2053591, BZ#2055173, BZ#2057307, BZ#2060278, BZ#2064627, BZ#2077843, BZ#2080242)

    Security Fix(es):

    * ceph: user/tenant can obtain access (read/write) to any share (CVE-2022-0670)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    This update also fixes several bugs and adds various enhancements. Documentation for these changes is     available from the Release Notes document linked to in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Detections

Analytics

RHEL 8 / 9 : Red Hat Ceph Storage Security, Bug Fix, and Enhancement Update (Moderate) (RHSA-2022:5997)

critical Nessus Plugin ID 163972

Version 1.6