Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DLA-2735.NASL
HistoryAug 12, 2021 - 12:00 a.m.

Debian DLA-2735-1 : ceph - LTS security update

2021-08-1200:00:00
This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
12
JSON

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2735 advisory.

  • It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption. (CVE-2018-14662)

  • It was found in Ceph versions before 13.2.4 that authenticated ceph RGW users can cause a denial of service against OMAPs holding bucket indices. (CVE-2018-16846)

  • A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. Ceph versions 3.x and 4.x are vulnerable to this issue. (CVE-2020-10753)

  • A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3. This flaw could lead to potential XSS attacks due to the lack of proper neutralization of untrusted input. (CVE-2020-1760)

  • A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions before 14.2.21. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. In addition, the prior bug fix for CVE-2020-10753 did not account for the use of \r as a header separator, thus a new flaw has been created. (CVE-2021-3524)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory dla-2735. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(152519);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/08/12");

  script_cve_id(
    "CVE-2018-14662",
    "CVE-2018-16846",
    "CVE-2020-1760",
    "CVE-2020-10753",
    "CVE-2021-3524"
  );

  script_name(english:"Debian DLA-2735-1 : ceph - LTS security update");

  script_set_attribute(attribute:"synopsis", value:
"The remote Debian host is missing one or more security-related updates.");
  script_set_attribute(attribute:"description", value:
"The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the
dla-2735 advisory.

  - It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could
    steal dm-crypt encryption keys used in ceph disk encryption. (CVE-2018-14662)

  - It was found in Ceph versions before 13.2.4 that authenticated ceph RGW users can cause a denial of
    service against OMAPs holding bucket indices. (CVE-2018-16846)

  - A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related
    to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader
    tag in the CORS configuration file generates a header injection in the response when the CORS request is
    made. Ceph versions 3.x and 4.x are vulnerable to this issue. (CVE-2020-10753)

  - A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon
    S3. This flaw could lead to potential XSS attacks due to the lack of proper neutralization of untrusted
    input. (CVE-2020-1760)

  - A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions before 14.2.21. The
    vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline
    character in the ExposeHeader tag in the CORS configuration file generates a header injection in the
    response when the CORS request is made. In addition, the prior bug fix for CVE-2020-10753 did not account
    for the use of \r as a header separator, thus a new flaw has been created. (CVE-2021-3524)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921948");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/source-package/ceph");
  script_set_attribute(attribute:"see_also", value:"https://www.debian.org/lts/security/2021/dla-2735");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2018-14662");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2018-16846");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-10753");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-1760");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2021-3524");
  script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/stretch/ceph");
  script_set_attribute(attribute:"solution", value:
"Upgrade the ceph packages.

For Debian 9 stretch, these problems have been fixed in version 10.2.11-2+deb9u1.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-3524");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/01/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/08/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2021/08/12");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ceph");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ceph-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ceph-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ceph-fs-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ceph-fuse");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ceph-mds");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ceph-mon");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ceph-osd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ceph-resource-agents");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ceph-test");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libcephfs-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libcephfs-java");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libcephfs-jni");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libcephfs1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:librados-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:librados2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libradosstriper-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libradosstriper1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:librbd-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:librbd1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:librgw-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:librgw2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:python-ceph");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:python-cephfs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:python-rados");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:python-rbd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:radosgw");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:rbd-fuse");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:rbd-mirror");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:rbd-nbd");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:9.0");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Debian Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('audit.inc');
include('debian_package.inc');

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

var release = get_kb_item('Host/Debian/release');
if ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');
var release = chomp(release);
if (! preg(pattern:"^(9)\.[0-9]+", string:release)) audit(AUDIT_OS_NOT, 'Debian 9.0', 'Debian ' + release);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);

var pkgs = [
    {'release': '9.0', 'prefix': 'ceph', 'reference': '10.2.11-2+deb9u1'},
    {'release': '9.0', 'prefix': 'ceph-base', 'reference': '10.2.11-2+deb9u1'},
    {'release': '9.0', 'prefix': 'ceph-common', 'reference': '10.2.11-2+deb9u1'},
    {'release': '9.0', 'prefix': 'ceph-fs-common', 'reference': '10.2.11-2+deb9u1'},
    {'release': '9.0', 'prefix': 'ceph-fuse', 'reference': '10.2.11-2+deb9u1'},
    {'release': '9.0', 'prefix': 'ceph-mds', 'reference': '10.2.11-2+deb9u1'},
    {'release': '9.0', 'prefix': 'ceph-mon', 'reference': '10.2.11-2+deb9u1'},
    {'release': '9.0', 'prefix': 'ceph-osd', 'reference': '10.2.11-2+deb9u1'},
    {'release': '9.0', 'prefix': 'ceph-resource-agents', 'reference': '10.2.11-2+deb9u1'},
    {'release': '9.0', 'prefix': 'ceph-test', 'reference': '10.2.11-2+deb9u1'},
    {'release': '9.0', 'prefix': 'libcephfs-dev', 'reference': '10.2.11-2+deb9u1'},
    {'release': '9.0', 'prefix': 'libcephfs-java', 'reference': '10.2.11-2+deb9u1'},
    {'release': '9.0', 'prefix': 'libcephfs-jni', 'reference': '10.2.11-2+deb9u1'},
    {'release': '9.0', 'prefix': 'libcephfs1', 'reference': '10.2.11-2+deb9u1'},
    {'release': '9.0', 'prefix': 'librados-dev', 'reference': '10.2.11-2+deb9u1'},
    {'release': '9.0', 'prefix': 'librados2', 'reference': '10.2.11-2+deb9u1'},
    {'release': '9.0', 'prefix': 'libradosstriper-dev', 'reference': '10.2.11-2+deb9u1'},
    {'release': '9.0', 'prefix': 'libradosstriper1', 'reference': '10.2.11-2+deb9u1'},
    {'release': '9.0', 'prefix': 'librbd-dev', 'reference': '10.2.11-2+deb9u1'},
    {'release': '9.0', 'prefix': 'librbd1', 'reference': '10.2.11-2+deb9u1'},
    {'release': '9.0', 'prefix': 'librgw-dev', 'reference': '10.2.11-2+deb9u1'},
    {'release': '9.0', 'prefix': 'librgw2', 'reference': '10.2.11-2+deb9u1'},
    {'release': '9.0', 'prefix': 'python-ceph', 'reference': '10.2.11-2+deb9u1'},
    {'release': '9.0', 'prefix': 'python-cephfs', 'reference': '10.2.11-2+deb9u1'},
    {'release': '9.0', 'prefix': 'python-rados', 'reference': '10.2.11-2+deb9u1'},
    {'release': '9.0', 'prefix': 'python-rbd', 'reference': '10.2.11-2+deb9u1'},
    {'release': '9.0', 'prefix': 'radosgw', 'reference': '10.2.11-2+deb9u1'},
    {'release': '9.0', 'prefix': 'rbd-fuse', 'reference': '10.2.11-2+deb9u1'},
    {'release': '9.0', 'prefix': 'rbd-mirror', 'reference': '10.2.11-2+deb9u1'},
    {'release': '9.0', 'prefix': 'rbd-nbd', 'reference': '10.2.11-2+deb9u1'}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var release = NULL;
  var prefix = NULL;
  var reference = NULL;
  if (!empty_or_null(package_array['release'])) release = package_array['release'];
  if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (release && prefix && reference) {
    if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;
  }
}

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : deb_report_get()
  );
  exit(0);
}
else
{
  var tested = deb_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ceph / ceph-base / ceph-common / ceph-fs-common / ceph-fuse / ceph-mds / etc');
}
VendorProductVersionCPE
debiandebian_linuxcephp-cpe:/a:debian:debian_linux:ceph
debiandebian_linuxceph-basep-cpe:/a:debian:debian_linux:ceph-base
debiandebian_linuxceph-commonp-cpe:/a:debian:debian_linux:ceph-common
debiandebian_linuxceph-fs-commonp-cpe:/a:debian:debian_linux:ceph-fs-common
debiandebian_linuxceph-fusep-cpe:/a:debian:debian_linux:ceph-fuse
debiandebian_linuxceph-mdsp-cpe:/a:debian:debian_linux:ceph-mds
debiandebian_linuxceph-monp-cpe:/a:debian:debian_linux:ceph-mon
debiandebian_linuxceph-osdp-cpe:/a:debian:debian_linux:ceph-osd
debiandebian_linuxceph-resource-agentsp-cpe:/a:debian:debian_linux:ceph-resource-agents
debiandebian_linuxceph-testp-cpe:/a:debian:debian_linux:ceph-test
Rows per page:
1-10 of 311

Related

debian 4
osv 13
openvas 41
nessus 45
photon 2
redhat 7
veracode 5
prion 5
ubuntucve 5
alpinelinux 3
debiancve 5
cve 5
suse 6
fedora 6
ubuntu 5
redhatcve 5
freebsd 2
archlinux 2
gentoo 1
mageia 1
debian
debian
[SECURITY] [DLA 2735-1] ceph security update
2021-08-10 22:05:27
[SECURITY] [DLA 1696-1] ceph security update
2019-03-01 17:52:36
[SECURITY] [DLA 2171-1] ceph security update
2020-04-09 11:30:00
osv
osv
ceph - security update
2021-08-09 00:00:00
ceph - security update
2019-02-28 00:00:00
CVE-2021-3524
2021-05-17 17:15:08
openvas
openvas
Debian: Security Advisory (DLA-2735-1)
2021-08-13 00:00:00
Debian: Security Advisory (DLA-1696-1)
2019-03-03 00:00:00
Huawei EulerOS: Security Advisory for ceph-common (EulerOS-SA-2023-1058)
2023-01-09 00:00:00
nessus
nessus
Debian DLA-1696-1 : ceph security update
2019-03-04 00:00:00
Photon OS 2.0: Ceph PHSA-2020-2.0-0237
2020-05-05 00:00:00
RHEL 7 / 8 : Red Hat Ceph Storage 4.1 (RHSA-2020:3003)
2020-07-20 00:00:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-2.0-0237
2020-05-01 00:00:00
Moderate Photon OS Security Update - PHSA-2020-0237
2020-04-30 00:00:00
redhat
redhat
(RHSA-2020:3003) Moderate: Red Hat Ceph Storage 4.1 security and bug fix update
2020-07-20 13:52:21
(RHSA-2019:2541) Moderate: Red Hat Ceph Storage 3.3 security, bug fix, and enhancement update
2019-08-21 15:19:35
(RHSA-2019:2538) Moderate: Red Hat Ceph Storage 3.3 security, bug fix, and enhancement update
2019-08-21 14:49:35
veracode
veracode
Cross-Site Scripting (XSS)
2021-05-23 06:05:56
Information Disclosure
2019-08-22 02:27:55
Denial Of Service (Dos)
2019-08-22 02:27:56
prion
prion
Design/Logic Flaw
2021-05-17 17:15:00
Code injection
2019-01-15 21:29:00
Design/Logic Flaw
2020-06-26 15:15:00
ubuntucve
ubuntucve
CVE-2021-3524
2021-05-17 00:00:00
CVE-2018-14662
2019-01-15 00:00:00
CVE-2018-16846
2019-01-15 00:00:00
alpinelinux
alpinelinux
CVE-2021-3524
2021-05-17 17:15:00
CVE-2020-10753
2020-06-26 15:15:00
CVE-2020-1760
2020-04-23 15:15:00
debiancve
debiancve
CVE-2021-3524
2021-05-17 17:15:00
CVE-2018-14662
2019-01-15 21:29:00
CVE-2020-10753
2020-06-26 15:15:00
cve
cve
CVE-2021-3524
2021-05-17 17:15:00
CVE-2018-14662
2019-01-15 21:29:00
CVE-2018-16846
2019-01-15 18:29:00
suse
suse
Security update for ceph (important)
2019-03-08 00:00:00
Security update for ceph (moderate)
2019-04-28 00:00:00
Security update for ceph (important)
2020-06-29 00:00:00
fedora
fedora
[SECURITY] Fedora 29 Update: ceph-12.2.11-1.fc29
2019-02-20 03:07:29
[SECURITY] Fedora 32 Update: ceph-14.2.10-1.fc32
2020-07-06 01:02:55
[SECURITY] Fedora 31 Update: ceph-14.2.9-1.fc31
2020-05-07 04:21:05
ubuntu
ubuntu
Ceph vulnerabilities
2020-09-22 00:00:00
Ceph vulnerabilities
2019-06-25 00:00:00
Ceph vulnerabilities
2021-01-28 00:00:00
redhatcve
redhatcve
CVE-2018-14662
2019-01-14 15:52:15
CVE-2018-16846
2019-01-14 15:51:31
CVE-2020-10753
2020-06-25 19:22:59
freebsd
freebsd
ceph14 -- HTTP header injection via CORS ExposeHeader tag
2020-05-27 00:00:00
ceph14 -- multiple security issues
2020-04-07 00:00:00
archlinux
archlinux
[ASA-202011-22] ceph: multiple issues
2020-11-26 00:00:00
[ASA-202105-3] ceph: multiple issues
2021-05-19 00:00:00
gentoo
gentoo
Ceph: Multiple vulnerabilities
2021-05-26 00:00:00
mageia
mageia
Updated ceph packages fix a security vulnerability
2021-05-27 16:43:31
JSON
Related for DEBIAN_DLA-2735.NASL
debian4osv13openvas41nessus45photon2redhat7veracode5prion5ubuntucve5alpinelinux3debiancve5cve5suse6fedora6ubuntu5redhatcve5freebsd2archlinux2gentoo1mageia1