ESB-2018.2953 - [RedHat] ceph-iscsi-cli: Execute arbitrary code/commands - Remote/unauthenticated 2018-10-02

Printable version
PGP/GPG verifiable version

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.2953
                 Critical: ceph-iscsi-cli security update
                              2 October 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           ceph-iscsi-cli
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux Server 7
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-14649  

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2018:2837
   https://access.redhat.com/errata/RHSA-2018:2838

Comment: This bulletin contains two (2) Red Hat security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: ceph-iscsi-cli security update
Advisory ID:       RHSA-2018:2837-01
Product:           Red Hat Ceph Storage
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:2837
Issue date:        2018-10-01
CVE Names:         CVE-2018-14649 
=====================================================================

1. Summary:

An update for ceph-iscsi-cli is now available for Red Hat Ceph Storage 2.5
for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Ceph Storage 2.5 Tools - noarch

3. Description:

ceph-iscsi-cli provides a CLI interface similar to the targetcli tool used
to interact with the kernel LIO subsystem.

Security Fix(es):

* It was found that rbd-target-api service provided by ceph-iscsi-cli was
running in debug mode. An unauthenticated attacker could use this to
remotely execute arbitrary code and escalate privileges. (CVE-2018-14649)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1632078 - CVE-2018-14649 ceph-iscsi-cli: rbd-target-api service runs in debug mode allowing for remote command execution

6. Package List:

Red Hat Ceph Storage 2.5 Tools:

Source:
ceph-iscsi-cli-2.0-7.el7cp.src.rpm

noarch:
ceph-iscsi-cli-2.0-7.el7cp.noarch.rpm

Red Hat Ceph Storage 2.5 Tools:

Source:
ceph-iscsi-cli-2.0-7.el7cp.src.rpm

noarch:
ceph-iscsi-cli-2.0-7.el7cp.noarch.rpm

Red Hat Ceph Storage 2.5 Tools:

Source:
ceph-iscsi-cli-2.0-7.el7cp.src.rpm

noarch:
ceph-iscsi-cli-2.0-7.el7cp.noarch.rpm

Red Hat Ceph Storage 2.5 Tools:

Source:
ceph-iscsi-cli-2.0-7.el7cp.src.rpm

noarch:
ceph-iscsi-cli-2.0-7.el7cp.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-14649
https://access.redhat.com/security/updates/classification/#critical
https://access.redhat.com/articles/3623521

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBW7I5xNzjgjWX9erEAQhfEQ//Qbb+N7v/UMvrhO3AWnSWaRzAV+uBH+Ku
H8OV3MgdAnduq0uIsYiwPGm/dlxKHBHgG4d2vNtBJFcdvQ6jD0DPMM6OWfKVfLsV
gKEYl+35aPVMvB/9pO1Lv+g5T2d+Ohr5F3+6mbCXOH7ChmrGM/4phyfFqeYAxSaa
jbmZmZqeTlD65sEJYY3H5zBfqG8zU06ozuAB40xI4iD/1tFL9/74tYCo6a555S1X
VUVCW/jNop6KztF/+Mfs3SJFIpNHfLpwKk4z43vPSMyn0wDhfN3lg4pdbD/yRtyY
AyuLfIsFmo5uqa2BuOPCTtImT+XbnPXpYWS7rXQANv0I3G7d1PH/weoFTldLdlHH
ClZJvZRoPR6Pf4RSiGmMre9mHTfmzKIiCJSD7kBslMMr0DRX8kxI3USejiGan14j
t2/sg4+XiDJJOJD6zRHUpAczBzvSYaVlG7iOlGo8vQRUN3gDWLdGzxDGftPp25OX
NmfbtFWumIQOWm760KGt7d1kh6Lcq9yRLp69gm2s0dk3BJPppmKrYTfZz46Z3GLE
Ta71j+gKt59n6JubFEAlc/X3LazRoIrOK+zhihGSXkhaUXkjpr0BTW4dqjAL3b3b
fs3zq1MA0Vvwa9CMiCaWlT2u9wTp+jve6KHPIv/dKFxMyx61TRIB4482pxoqSj3e
USyoO03Gvqo=
=4nbo
- -----END PGP SIGNATURE-----

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: ceph-iscsi-cli security update
Advisory ID:       RHSA-2018:2838-01
Product:           Red Hat Ceph Storage
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:2838
Issue date:        2018-10-01
CVE Names:         CVE-2018-14649 
=====================================================================

1. Summary:

An update for ceph-iscsi-cli is now available for Red Hat Ceph Storage 3.1
for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Ceph Storage 3.1 Tools - noarch

3. Description:

ceph-iscsi-cli provides a CLI interface similar to the targetcli tool used
to interact with the kernel LIO subsystem.

Security Fix(es):

* It was found that rbd-target-api service provided by ceph-iscsi-cli was
running in debug mode. An unauthenticated attacker could use this to
remotely execute arbitrary code and escalate privileges. (CVE-2018-14649)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1632078 - CVE-2018-14649 ceph-iscsi-cli: rbd-target-api service runs in debug mode allowing for remote command execution

6. Package List:

Red Hat Ceph Storage 3.1 Tools:

Source:
ceph-iscsi-cli-2.7-7.el7cp.src.rpm

noarch:
ceph-iscsi-cli-2.7-7.el7cp.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-14649
https://access.redhat.com/security/updates/classification/#critical
https://access.redhat.com/articles/3623521

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBW7I5hNzjgjWX9erEAQgZdRAAhcr4SJ7JyGgF27iuqqepy/YE+yspv2VZ
w7Nf69YpwA3V/sq+wfSCwjg09qwu+QYCzw6pVLyuXeHkKBQqK4nWBJOJZFOX2mHD
Vx6qagWsfHyyGRkf07JTjX8al8HKtX4ykObA66iblP/aUQ854xvax+dwLdavpBRI
z07cv3BNfteaVMQKEj2n+nFvCAKP66jVJP5/85mpdYJOfYhNu1yss0C2Gco9olI6
leIrXYgjlhBO5H8/7Mmc2+NASDxdK/o8u8N+fjNvYKbvCZnuYP0W4+wduzn5YBfT
2Iib0rcyAtrvIrNms/uj4HgjP8mmKRNEeo5+gF2d6JfrEA/BcUC5S9TnZID8APvr
OAf4gOigkT2bt9KtYPEYRD4p9Y+sC853akmXRFSx1kp5R7ieqdEVM6PX52a/Cfnz
z/4aHTyzuUrS3dDyMLb14uqHsKLV6h1/Teepj/AhkszqC1qW9fYdXskpXjLVvnaK
QJK4pmBS7uw5+1apH3M1fXjZv4O+AjJ5KFSggxsXbpaVUgLcUI2/gyU/W8tP67H7
uooZ4dAlr5prgBqOrijyM7PyqkeUvV0+KPHSRcFeYFyyNGPrK8hw8/iA8XZWgsiT
6x5ZDACwySiGJelh2vaczvfOV3cm2r8wcajn35rsFvCwoiLlaaV3EjXFw5aiRoJ/
QgoTQhaBEXA=
=O6uP
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBW7KzBWaOgq3Tt24GAQi5SRAA2erLvB9V2sD0LUQGB9LgRADPD/NOfpmV
2/P5AxI/AVxiSiVXUybDqay2T0HW9PWA/dz3zrb0Ouit+wTIldJNRfCxtXg5W3QG
Zb/ZqhiXW/tCaquePP0bg9cc5jOyPei5wJWUvJVbx840LMHU4qO6y/PDkTn1uGJg
kO4X8zC6gAPXShzthyqXw0AF34XjUWdEWEeiu7W4Oan2OgB1IQt7bUFIweO1mQW1
j5+5YMWW9KPX173u+zBs81hjmN8ubkTo1caU1eeIfdEUhrYCcn13+jZQ3p4FcmS9
JOKUUoNKQMFI9CYK0DhPQqmkA9y/m1yeJpZMI/RbQpS0JbkxUBYcl93CQCieyRTF
sUgVpv5hgkBeGYtsf3s+ERXwrLH80sPsV08KLxZ8WTLaAQbuvMUbwWre6FZwmTue
vjj6mUu1XhowR08o9nuCZMUafS1O9xQRvSv9K9shruoAwGUpNaZcD7ODamUiq2bq
yjgkPyF9r5MKpcMSJlk5t9jweb1gJqTtr9wnvaG9dT0X+amYdeiYkb+oKtflCvfm
i1533F31FeuNfYqw6yGMWzA6PLU4RGBMXaqpF5jFQIHOU+S/QXyc5gB2nISdgjlh
fBaJgx2cVe3VtKDKqnOhPsW20ZTQk7S2tLthG+VS+6dF1+TLVMF5GVj01Mi/ApBq
dI7XKAVn7Bc=
=16BI
-----END PGP SIGNATURE-----

« Back to bulletins