CVE-2019-10222
A denial of service flaw was fixed: an unauthenticated attacker could crash
the Ceph RGW server by sending valid HTTP headers and terminating the
connection, resulting in a remote denial of service for Ceph RGW clients.
CVE-2020-1700
A denial of service flaw was fixed: a flaw was found in the way the Ceph RGW
Beast front-end handles unexpected disconnects. An authenticated attacker
can abuse this flaw by making multiple disconnect attempts, resulting in a
permanent leak of a socket connection by radosgw. This flaw could lead to
a denial of service condition through a pile-up of CLOSE_WAIT sockets,
eventually exhausting available resources and preventing legitimate
users from connecting to the system.
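A defender-side check for the CLOSE_WAIT pile-up described for CVE-2020-1700, as an added example that is not part of the advisory or of Ceph's own code: it counts CLOSE_WAIT sockets per local port from text in /proc/net/tcp layout. The port 7480, the threshold, the function names and the sample lines are assumptions constructed for illustration.

```python
from collections import Counter

CLOSE_WAIT = "08"  # kernel TCP state code as printed in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
# Local port 0x1D38 = 7480 is assumed to be the RGW frontend port.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:1D38 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20001
   1: 0A00000A:1D38 0B00000A:C350 08 00000000:00000001 00:00000000 00000000     0        0 20002
   2: 0A00000A:1D38 0B00000A:C351 08 00000000:00000001 00:00000000 00000000     0        0 20003
   3: 0A00000A:1D38 0C00000A:9C40 08 00000000:00000001 00:00000000 00000000     0        0 20004
   4: 0A00000A:1D38 0D00000A:9C41 01 00000000:00000000 00:00000000 00000000     0        0 20005
   5: 0A00000A:0016 0D00000A:D431 08 00000000:00000000 00:00000000 00000000     0        0 20006
"""


def close_wait_by_port(proc_net_tcp_text):
    """Return Counter {local_port: number of sockets in CLOSE_WAIT}."""
    counts = Counter()
    for line in proc_net_tcp_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != CLOSE_WAIT:
            continue
        try:
            # local_address is HEXIP:HEXPORT; the same split works for tcp6
            port = int(fields[1].rsplit(":", 1)[1], 16)
        except (IndexError, ValueError):
            continue  # ignore malformed rows instead of aborting the scan
        counts[port] += 1
    return counts


def leaking_ports(proc_net_tcp_text, threshold):
    """Ports whose CLOSE_WAIT count is at or above threshold, sorted."""
    counts = close_wait_by_port(proc_net_tcp_text)
    return sorted(p for p, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    for port, n in sorted(close_wait_by_port(SAMPLE).items()):
        print(f"port {port}: {n} CLOSE_WAIT")
    print("at or over threshold:", leaking_ports(SAMPLE, threshold=3))
```

A single snapshot is only a hint; the leak shows up as a CLOSE_WAIT count on the gateway port that keeps growing between samples and never drains.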
CVE-2020-1760
An XSS flaw was fixed: a flaw was found in the Ceph Object Gateway,
where it supports requests sent by an anonymous user in Amazon S3.
This flaw could lead to potential XSS attacks due to the lack