Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | |||
Test ID: | 1.3.6.1.4.1.25623.1.0.844993 |
Category: | Ubuntu Local Security Checks |
Title: | Ubuntu: Security Advisory for ceph (USN-4998-1) |
Summary: | The remote host is missing an update for the 'ceph'; package(s) announced via the USN-4998-1 advisory. |
Description: | Summary: The remote host is missing an update for the 'ceph' package(s) announced via the USN-4998-1 advisory. Vulnerability Insight: It was discovered that in some situations Ceph logged passwords from the mgr module in clear text. An attacker could use this to expose sensitive information. (CVE-2020-25678) Goutham Pacha Ravi, Jahson Babel, and John Garbutt discovered that user credentials in Ceph could be manipulated in certain environments. An attacker could use this to gain unintended access. (CVE-2020-27781) It was discovered that the Ceph dashboard was susceptible to a cross-site scripting attack. An attacker could use this to expose sensitive information or gain unintended access. (CVE-2020-27839) It was discovered that Ceph contained an authentication flaw, leading to key reuse. An attacker could use this to cause a denial of service or possibly impersonate another user. (CVE-2021-20288) Sergey Bobrov discovered that the Ceph dashboard was susceptible to a cross-site scripting attack. An attacker could use this to expose sensitive information or gain unintended access. (CVE-2021-3509) Sergey Bobrov discovered that Ceph's RadosGW (Ceph Object Gateway) allowed the injection of HTTP headers in responses to CORS requests. An attacker could use this to violate system integrity. (CVE-2021-3524) It was discovered that Ceph's RadosGW (Ceph Object Gateway) did not properly handle GET requests for swift URLs in some situations, leading to an application crash. An attacker could use this to cause a denial of service. (CVE-2021-3531) Affected Software/OS: 'ceph' package(s) on Ubuntu 20.10, Ubuntu 20.04 LTS. Solution: Please install the updated package(s). CVSS Score: 6.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2021-3509 https://bugzilla.redhat.com/show_bug.cgi?id=1950116 https://github.com/ceph/ceph/blob/f1557e8f62d31883d3d34ae241a1a26af11d923f/src/pybind/mgr/dashboard/controllers/docs.py#L394-L409 https://github.com/ceph/ceph/commit/7a1ca8d372da3b6a4fc3d221a0e5f72d1d61c27b https://github.com/ceph/ceph/commit/adda853e64bdba1288d46bc7d462d23d8f2f10ca https://github.com/ceph/ceph/commit/af3fffab3b0f13057134d96e5d481e400d8bfd27 Common Vulnerability Exposure (CVE) ID: CVE-2021-3524 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZRUNDH2TJRZRWL3DCH2PQ6KROWTPQ7AJ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX5ZHI5L7FOHXOSEV3TYBAL66DMLJ7V5/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LPCJN2YDZCBMF4FOJXSTAADKFGEQEO7O/ https://bugzilla.redhat.com/show_bug.cgi?id=1951674 https://lists.debian.org/debian-lts-announce/2021/08/msg00013.html Common Vulnerability Exposure (CVE) ID: CVE-2021-3531 https://bugzilla.redhat.com/show_bug.cgi?id=1955326 http://www.openwall.com/lists/oss-security/2021/05/14/5 http://www.openwall.com/lists/oss-security/2021/05/17/7 |
Copyright | Copyright (C) 2021 Greenbone Networks GmbH |
This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |