RHSA-2018:2837 Red Hat Security Advisory: ceph-iscsi-cli security update

Bulletin has no description...

CVE-2018-14649

It was found that rbd-target-api service provided by ceph-iscsi-cli was running in debug mode. An unauthenticated attacker could use this to remotely execute arbitrary code and escalate privileges. Mitigation To stop werkzeug debug mode started by rbd-target-api which is provided by ceph-iscsi-cl...

Arbitrary Command Execution

ceph-iscsi-cli is vulnerable to arbitrary command execution attacks. The vulnerability exists as it was found that ceph-isci-cli package as shipped by Red Hat Ceph Storage 2 and 3 is using python-werkzeug in debug shell mode. This is done by setting debug=True in file /usr/bin/rbd-target-api...

PT-2018-12640 · Pallets Projects +1 · Python-Werkzeug +1

Name of the Vulnerable Software and Affected Versions: Red Hat Ceph Storage versions 2 and 3 Description: The issue allows unauthenticated attackers to access a debug shell and escalate privileges. This is due to the ceph-isci-cli package using python-werkzeug in debug shell mode, enabled by...

RHEL 7 : ceph-iscsi-cli (RHSA-2018:2838)

An update for ceph-iscsi-cli is now available for Red Hat Ceph Storage 3.1 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

RHEL 7 : ceph-iscsi-cli (RHSA-2018:2837)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2018:2837 advisory. ceph-iscsi-cli provides a CLI interface similar to the targetcli tool used to interact with the kernel LIO subsystem. Security Fixes: It was found th...

ceph-iscsi-cli: rbd-target-api service runs in debug mode allowing for remote command execution

It was found that rbd-target-api service provided by ceph-iscsi-cli was running in debug mode. An unauthenticated attacker could use this to remotely execute arbitrary code and escalate privileges...

Critical: Red Hat Security Advisory: ceph-iscsi-cli security update

An update for ceph-iscsi-cli is now available for Red Hat Ceph Storage 2.5 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Critical: Red Hat Security Advisory: ceph-iscsi-cli security update

An update for ceph-iscsi-cli is now available for Red Hat Ceph Storage 3.1 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

ceph-iscsi-cli: rbd-target-api service runs in debug mode allowing for remote command execution

It was found that rbd-target-api service provided by ceph-iscsi-cli was running in debug mode. An unauthenticated attacker could use this to remotely execute arbitrary code and escalate privileges...