Ceph Storage Osd
Monthly
A flaw was found in the way signature calculation was handled by cephx authentication protocol. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.
It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Rated high severity (CVSS 7.5), this vulnerability is no authentication required.
A flaw was found in the way ceph mon handles user requests. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.
The handle_command function in mon/Monitor.cc in Ceph allows remote authenticated users to cause a denial of service (segmentation fault and ceph monitor crash) via an (1) empty or (2) crafted prefix. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A flaw was found in the way signature calculation was handled by cephx authentication protocol. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.
It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Rated high severity (CVSS 7.5), this vulnerability is no authentication required.
A flaw was found in the way ceph mon handles user requests. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.
The handle_command function in mon/Monitor.cc in Ceph allows remote authenticated users to cause a denial of service (segmentation fault and ceph monitor crash) via an (1) empty or (2) crafted prefix. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.