阿里云漏洞库

该漏洞EXP已公开传播，漏洞利用成本极低，建议您立即关注并修复。

漏洞描述

An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it doesn't sanitize other_keys, allowing key reuse. An attacker who can request a global_id can exploit the ability of any user to request a global_id previously associated with another user, as ceph does not force the reuse of old keys to generate new ones. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

解决建议

建议您更新当前系统或软件至最新版，完成漏洞的修复。

参考链接
https://bugzilla.redhat.com/show_bug.cgi?id=1938031
https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://security.gentoo.org/glsa/202105-39

受影响软件情况

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	应用	linuxfoundation	ceph	*		Up to (excluding) 14.2.21
	运行在以下环境
	应用	redhat	ceph_storage	4.0	-
	运行在以下环境
	系统	alpine_3.11	ceph	*		Up to (excluding) 14.2.20-r0
	运行在以下环境
	系统	alpine_3.12	ceph	*		Up to (excluding) 14.2.20-r0
	运行在以下环境
	系统	alpine_3.14	ceph	*		Up to (excluding) 16.2.3-r0
	运行在以下环境
	系统	alpine_3.15	ceph	*		Up to (excluding) 16.2.3-r0
	运行在以下环境
	系统	alpine_3.16	ceph	*		Up to (excluding) 16.2.3-r0
	运行在以下环境
	系统	alpine_3.17	ceph16	*		Up to (excluding) 16.2.3-r0
	运行在以下环境
	系统	alpine_3.18	ceph16	*		Up to (excluding) 16.2.3-r0
	运行在以下环境
	系统	debian_10	ceph	*		Up to (excluding) 12.2.11+dfsg1-2.1+deb10u1
	运行在以下环境
	系统	debian_11	ceph	*		Up to (excluding) 14.2.20-1
	运行在以下环境
	系统	debian_12	ceph	*		Up to (excluding) 14.2.20-1
	运行在以下环境
	系统	fedora_32	ceph	*		Up to (excluding) 14.2.20-1.fc32
	运行在以下环境
	系统	fedora_33	ceph	*		Up to (excluding) 15.2.11-1.fc33
	运行在以下环境
	系统	fedora_34	ceph	*		Up to (excluding) 16.2.1-1.fc34
	运行在以下环境
	系统	kylinos_aarch64_V10SP1	ceph	*		Up to (excluding) 12.2.8-7.p01.ky10
	运行在以下环境
	系统	kylinos_aarch64_V10SP2	ceph	*		Up to (excluding) 12.2.8-8.p02.ky10
	运行在以下环境
	系统	kylinos_x86_64_V10SP1	ceph	*		Up to (excluding) 12.2.8-7.p01.ky10
	运行在以下环境
	系统	kylinos_x86_64_V10SP2	ceph	*		Up to (excluding) 12.2.8-8.p02.ky10
	运行在以下环境
	系统	opensuse_Leap_15.2	ceph	*		Up to (excluding) 15.2.11.83
	运行在以下环境
	系统	ubuntu_20.04	ceph	*		Up to (excluding) 15.2.12-0ubuntu0.20.04.1
	运行在以下环境
	系统	ubuntu_21.04	ceph	*		Up to (excluding) 16.2.6-0ubuntu0.21.04.2
	运行在以下环境
	系统	ubuntu_21.10	ceph	*		Up to (excluding) 16.2.1-0ubuntu1
	运行在以下环境
	系统	ubuntu_22.04	ceph	*		Up to (excluding) 16.2.1-0ubuntu1

攻击路径

本地
攻击复杂度

容易
权限要求

普通权限
影响范围

有限影响
EXP成熟度

EXP 已公开
补丁情况

官方补丁
数据保密性

数据泄露
数据完整性

无影响
服务器危害

无影响
全网数量

N/A

CWE-ID	漏洞类型
CWE-287	认证机制不恰当

低危 linuxfoundation ceph 认证机制不恰当

漏洞描述

解决建议

参考链接

受影响软件情况