Vulnerability CVE-2021-20288

Vulnerability Name:

CVE-2021-20288 (CCN-199922)

Assigned:

2020-12-17

Published:

2021-04-14

Updated:

2021-06-03

Summary:

An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it doesn't sanitize other_keys, allowing key reuse. An attacker who can request a global_id can exploit the ability of any user to request a global_id previously associated with another user, as ceph does not force the reuse of old keys to generate new ones. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVSS v3 Severity:

7.2 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
6.3 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): High User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
5.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

6.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

6.4 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): None

Vulnerability Type:

CWE-287

Vulnerability Consequences:

Bypass Security

References:

Source: MITRE
Type: CNA
CVE-2021-20288

Source: MISC
Type: Issue Tracking, Patch, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1938031

Source: XF
Type: UNKNOWN
ceph-cve202120288-sec-bypass(199922)

Source: CCN
Type: Ceph GIT Repository
Ceph

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-e29c1ee892

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-e65b9fb52e

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-168fbed46f

Source: CCN
Type: oss-sec Mailing List, Thu, 18 Mar 2021 01:20:18 +0530
CVE-2021-20288 Ceph: Unauthorized global_id reuse in cephx

Source: GENTOO
Type: Third Party Advisory
GLSA-202105-39

Vulnerable Configuration:

Configuration 1:

cpe:/a:linuxfoundation:ceph:*:*:*:*:*:*:*:* (Version < 14.2.21)

Configuration 2:

cpe:/a:redhat:ceph_storage:4.0:*:*:*:*:*:*:*

Configuration 3:

cpe:/o:fedoraproject:fedora:32:*:*:*:*:*:*:*

OR cpe:/o:fedoraproject:fedora:33:*:*:*:*:*:*:*

OR cpe:/o:fedoraproject:fedora:34:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:redhat:ceph:16.2.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:7460	P	ceph-common-16.2.11.58+g38d6afd3b78-150400.3.6.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:690	P	Security update for libnbd (Moderate)	2022-08-10
oval:org.opensuse.security:def:3591	P	libexiv2-12-0.23-12.5.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3399	P	xalan-j2-2.7.0-264.133 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:95222	P	pidgin-plugin-otr-4.0.2-1.61 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94516	P	ceph-common-16.2.7.654+gd5a90ff46f0-150400.1.4 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94511	P	btrfsmaintenance-0.4.2-3.3.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:95221	P	openconnect-7.08-6.9.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:2886	P	ceph-common-16.2.7.654+gd5a90ff46f0-150400.1.4 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:6000	P	Security update for mozilla-nss (Important)	2022-04-05
oval:org.opensuse.security:def:5999	P	Security update for virglrenderer (Important)	2022-01-18
oval:org.opensuse.security:def:112002	P	benji-0.15.0-1.2 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:112052	P	ceph-16.2.6.45+g8fda9838398-1.1 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:101934	P	Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP3) (Important)	2021-11-19
oval:org.opensuse.security:def:101935	P	Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP3) (Important)	2021-11-19
oval:org.opensuse.security:def:105561	P	benji-0.15.0-1.2 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:105604	P	ceph-16.2.6.45+g8fda9838398-1.1 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:101224	P	libtiff5-32bit-4.0.9-5.30.28 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:99647	P	(Important)	2021-06-11
oval:org.opensuse.security:def:99955	P	(Important)	2021-06-07
oval:org.opensuse.security:def:99954	P	(Moderate)	2021-06-04
oval:org.opensuse.security:def:111366	P	Security update for ceph (Important)	2021-05-06
oval:org.opensuse.security:def:73610	P	Security update for ceph (Important)	2021-05-04
oval:org.opensuse.security:def:107890	P	Security update for ceph (Important)	2021-05-04
oval:org.opensuse.security:def:92498	P	Security update for ceph (Important)	2021-05-04
oval:org.opensuse.security:def:96921	P	Security update for ceph (Important)	2021-05-04
oval:org.opensuse.security:def:67089	P	Security update for ceph (Important)	2021-05-04
oval:org.opensuse.security:def:76156	P	Security update for ceph (Important)	2021-05-04
oval:org.opensuse.security:def:103016	P	Security update for ceph (Important)	2021-05-04
oval:org.opensuse.security:def:9499	P	Security update for ceph (Important)	2021-05-04
oval:org.opensuse.security:def:99448	P	Security update for ceph (Important)	2021-05-04
oval:org.opensuse.security:def:93202	P	Security update for ceph (Important)	2021-05-04
oval:org.opensuse.security:def:91909	P	Security update for ceph (Important)	2021-05-04
oval:org.opensuse.security:def:66762	P	Security update for ceph (Important)	2021-05-04
oval:org.opensuse.security:def:73802	P	Security update for ceph (Important)	2021-05-04
oval:org.opensuse.security:def:98859	P	Security update for ceph (Important)	2021-05-04
oval:org.opensuse.security:def:108600	P	Security update for ceph (Important)	2021-05-04
oval:org.opensuse.security:def:92697	P	Security update for ceph (Important)	2021-05-04
oval:org.opensuse.security:def:96922	P	Security update for ceph (Important)	2021-05-04
oval:org.opensuse.security:def:69639	P	Security update for ceph (Important)	2021-05-04
oval:org.opensuse.security:def:76157	P	Security update for ceph (Important)	2021-05-04
oval:org.opensuse.security:def:101421	P	Security update for ceph (Important)	2021-05-04
oval:org.opensuse.security:def:9698	P	Security update for ceph (Important)	2021-05-04
oval:org.opensuse.security:def:5673	P	Security update for ceph (Important)	2021-05-04
oval:org.opensuse.security:def:92104	P	Security update for ceph (Important)	2021-05-04
oval:org.opensuse.security:def:66763	P	Security update for ceph (Important)	2021-05-04
oval:org.opensuse.security:def:117405	P	Security update for ceph (Important)	2021-05-04
oval:org.opensuse.security:def:75830	P	Security update for ceph (Important)	2021-05-04
oval:org.opensuse.security:def:8748	P	Security update for ceph (Important)	2021-05-04
oval:org.opensuse.security:def:99054	P	Security update for ceph (Important)	2021-05-04
oval:org.opensuse.security:def:108601	P	Security update for ceph (Important)	2021-05-04
oval:org.opensuse.security:def:92896	P	Security update for ceph (Important)	2021-05-04
oval:org.opensuse.security:def:69838	P	Security update for ceph (Important)	2021-05-04
oval:org.opensuse.security:def:64488	P	Security update for ceph (Important)	2021-05-04
oval:org.opensuse.security:def:10249	P	Security update for ceph (Important)	2021-05-04
oval:org.opensuse.security:def:5674	P	Security update for ceph (Important)	2021-05-04
oval:org.opensuse.security:def:92299	P	Security update for ceph (Important)	2021-05-04
oval:org.opensuse.security:def:67088	P	Security update for ceph (Important)	2021-05-04
oval:org.opensuse.security:def:75831	P	Security update for ceph (Important)	2021-05-04
oval:org.opensuse.security:def:8943	P	Security update for ceph (Important)	2021-05-04
oval:org.opensuse.security:def:99249	P	Security update for ceph (Important)	2021-05-04
oval:org.opensuse.security:def:93049	P	Security update for ceph (Important)	2021-05-04
oval:org.opensuse.security:def:70389	P	Security update for ceph (Important)	2021-05-04
oval:org.opensuse.security:def:64680	P	Security update for ceph (Important)	2021-05-04

BACK