Vulnerabilities > CVE-2018-7262 - NULL Pointer Dereference vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function in radosgw doesn't handle malformed HTTP headers properly, allowing for denial of service.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2018-2_0-0041_CEPH.NASL description An update of the ceph package has been released. last seen 2020-03-17 modified 2019-02-07 plugin id 121941 published 2019-02-07 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121941 title Photon OS 2.0: Ceph PHSA-2018-2.0-0041 NASL family SuSE Local Security Checks NASL id OPENSUSE-2018-541.NASL description This update for ceph fixes the following issues : Security issues fixed : - CVE-2018-7262: rgw: malformed http headers can crash rgw (bsc#1081379). - CVE-2017-16818: User reachable asserts allow for DoS (bsc#1063014). Bug fixes : - bsc#1061461: OSDs keep generating coredumps after adding new OSD node to cluster. - bsc#1079076: RGW openssl fixes. - bsc#1067088: Upgrade to SES5 restarted all nodes, majority of OSDs aborts during start. - bsc#1056125: Some OSDs are down when doing performance testing on rbd image in EC Pool. - bsc#1087269: allow_ec_overwrites option not in command options list. - bsc#1051598: Fix mountpoint check for systemctl enable --runtime. - bsc#1070357: Zabbix mgr module doesn last seen 2020-06-05 modified 2018-05-31 plugin id 110257 published 2018-05-31 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/110257 title openSUSE Security Update : ceph (openSUSE-2018-541) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-1417-1.NASL description This update for ceph fixes the following issues: Security issues fixed : - CVE-2018-7262: rgw: malformed http headers can crash rgw (bsc#1081379). - CVE-2017-16818: User reachable asserts allow for DoS (bsc#1063014). Bug fixes : - bsc#1061461: OSDs keep generating coredumps after adding new OSD node to cluster. - bsc#1079076: RGW openssl fixes. - bsc#1067088: Upgrade to SES5 restarted all nodes, majority of OSDs aborts during start. - bsc#1056125: Some OSDs are down when doing performance testing on rbd image in EC Pool. - bsc#1087269: allow_ec_overwrites option not in command options list. - bsc#1051598: Fix mountpoint check for systemctl enable --runtime. - bsc#1070357: Zabbix mgr module doesn last seen 2020-06-01 modified 2020-06-02 plugin id 110123 published 2018-05-25 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/110123 title SUSE SLED12 / SLES12 Security Update : ceph (SUSE-SU-2018:1417-1) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2018-0546.NASL description An update for ceph is now available for Red Hat Ceph Storage 3.0 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. Security Fix(es) : * ceph: Unauthenticated malformed HTTP requests handled by rgw_civetweb.cc:RGW::init_env() can lead to denial of service (CVE-2018-7262) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 108480 published 2018-03-20 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/108480 title RHEL 7 : ceph (RHSA-2018:0546) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2018-2_0-0041.NASL description An update of {'ceph', 'linux-esx', 'rsync', 'linux', 'linux-secure', 'linux-aws'} packages of Photon OS has been released. last seen 2019-02-21 modified 2019-02-07 plugin id 111300 published 2018-07-24 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=111300 title Photon OS 2.0 : ceph / linux-esx / rsync / linux / linux-secure / linux-aws (PhotonOS-PHSA-2018-2.0-0041) (deprecated) NASL family Fedora Local Security Checks NASL id FEDORA_2018-ED907EF9A0.NASL description New release (1:12.2.4-1), includes Security fix for CVE-2018-7262 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2018-03-15 plugin id 108350 published 2018-03-15 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/108350 title Fedora 27 : 1:ceph (2018-ed907ef9a0)
Redhat
| advisories |
| ||||||||
| rpms |
|
References
- https://github.com/ceph/ceph/pull/20488
- https://bugzilla.redhat.com/show_bug.cgi?id=1546611
- http://tracker.ceph.com/issues/23039
- https://access.redhat.com/errata/RHSA-2018:0548
- https://access.redhat.com/errata/RHSA-2018:0546
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/74VI6EPZ6LD2O4JJXJBTYQ4U4VUO2ZDO/