16 matches found
Linux Distros Unpatched Vulnerability : CVE-2021-20288
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHXGETAUTHSESSIONKEY requests, it doesn't sanitize otherkeys,...
CVE-2021-20288
creationtimestamp| type| source ---|---|--- 2025-01-09 19:46:10+00:00| seen| https://gist.github.com/sini/daf2ebc7f4ff5092da076dd4d696eee5...
Mageia: Security Advisory (MGASA-2021-0207)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu: Security Advisory (USN-5128-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Important: Red Hat Security Advisory: Red Hat Ceph Storage 4.2 Security and Bug Fix Update
An update for ceph, ceph-ansible, ceph-iscsi, python-waitress, and tcmu-runner is now available for Red Hat Ceph Storage 4.2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...
SUSE: Security Advisory (SUSE-SU-2021:1474-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2021:1473-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Update : ceph (openSUSE-2021-672)
This update for ceph fixes the following issues : - ceph was updated to 15.2.11-83-g8a15f484c2 : - CVE-2021-20288: Fixed unauthorized globalid reuse bsc1183074. - disk gets replaced with no rocksdb/wal bsc1184231. - BlueStore handles huge4GB writes from RocksDB to BlueFS poorly, potentially causi...
Updated ceph packages fix a security vulnerability
An authentication flaw was found in ceph. When the monitor handles CEPHXGETAUTHSESSIONKEY requests, it doesn't sanitize otherkeys, allowing key reuse. An attacker who can request a globalid can exploit the ability of any user to request a globalid previously associated with another user, as ceph...
Security update for ceph (important)
openSUSE Security Update: Security update for ceph Announcement ID: openSUSE-SU-2021:0672-1 Rating: important References: 1183074 1183899 1184231 Cross-References: CVE-2021-20288 CVSS scores: CVE-2021-20288 NVD : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-20288 SUSE: 8...
SUSE SLED15 / SLES15 Security Update : ceph (SUSE-SU-2021:1474-1)
This update for ceph fixes the following issues : ceph was updated to 15.2.11-83-g8a15f484c2 : - CVE-2021-20288: Fixed unauthorized globalid reuse bsc1183074. - disk gets replaced with no rocksdb/wal bsc1184231. - BlueStore handles huge4GB writes from RocksDB to BlueFS poorly, potentially causing...
SUSE-SU-2021:1474-1 Security update for ceph
This update for ceph fixes the following issues: - ceph was updated to 15.2.11-83-g8a15f484c2: CVE-2021-20288: Fixed unauthorized globalid reuse bsc1183074. disk gets replaced with no rocksdb/wal bsc1184231. BlueStore handles huge4GB writes from RocksDB to BlueFS poorly, potentially causing data...
Fedora: Security Advisory for ceph (FEDORA-2021-e65b9fb52e)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for ceph (FEDORA-2021-e29c1ee892)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CVE-2021-20288
Ceph CVE-2021-20288 is an authentication flaw in Ceph before certain fixed releases. The root cause is that CEPHX_GET_AUTH_SESSION_KEY handling does not sanitize other_keys, allowing reuse of old keys when a global_id is requested, enabling a user to leverage a global_id previously associated wit...
CVE-2021-20288
An authentication flaw was found in ceph. When the monitor handles CEPHXGETAUTHSESSIONKEY requests, it doesn't sanitize otherkeys, allowing key reuse. An attacker who can request a globalid can exploit the ability of any user to request a globalid previously associated with another user, as ceph...