Ceph monitor crash

Bug #1599545 reported by Adam Heczko on 2016-07-06
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
Mirantis OpenStack | | Medium | MOS Ceph |
8.0.x | | Medium | MOS Ceph |
9.x | | Medium | MOS Ceph |

Bug Description

Detailed bug description:
A flaw was found in the way the handle_command() function would validate the prefix value from the user. An authenticated attacker could send a specially crafted prefix value, resulting in a Ceph monitor crash.
This results in denial of service (DoS).

Upstream bug report:
https://bugzilla.redhat.com/show_bug.cgi?id=1351453
http://tracker.ceph.com/issues/16297

Solution proposal:
Apply patch https://github.com/ceph/ceph/commit/957ece7e95d8f8746191fd9629622d4457d690d6

Steps to reproduce:
https://github.com/ceph/ceph/pull/9700

CVE References

tags: added: feature-security
Sergey Kolekonov (skolekonov) wrote :

mos-ceph team, please clarify which releases are affected by this issue

Changed in mos:
milestone: 9.0 → 9.1
status: New → Confirmed
This report contains Public Security information
Everyone can see this security related information.
