openEuler 22.03 LTS update for ceph
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2022-0670 |
| CWE-ID | CWE-264 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
openEuler Operating systems & Components / Operating system ceph-mgr-cephadm Operating systems & Components / Operating system package or component ceph-mgr-modules-core Operating systems & Components / Operating system package or component ceph-mgr-diskprediction-local Operating systems & Components / Operating system package or component ceph-mgr-rook Operating systems & Components / Operating system package or component ceph-grafana-dashboards Operating systems & Components / Operating system package or component ceph-mgr-dashboard Operating systems & Components / Operating system package or component cephfs-top Operating systems & Components / Operating system package or component ceph-prometheus-alerts Operating systems & Components / Operating system package or component cephadm Operating systems & Components / Operating system package or component ceph-mgr-k8sevents Operating systems & Components / Operating system package or component librbd1 Operating systems & Components / Operating system package or component libradosstriper1 Operating systems & Components / Operating system package or component python3-ceph-argparse Operating systems & Components / Operating system package or component ceph-debuginfo Operating systems & Components / Operating system package or component libcephsqlite-devel Operating systems & Components / Operating system package or component ceph-mds Operating systems & Components / Operating system package or component rados-objclass-devel Operating systems & Components / Operating system package or component cephfs-mirror Operating systems & Components / Operating system package or component rbd-mirror Operating systems & Components / Operating system package or component python3-ceph-common Operating systems & Components / Operating system package or component librgw2 Operating systems & Components / Operating system package or component librbd-devel Operating systems & Components / Operating system package or component ceph-selinux Operating systems & Components / Operating system package or component libradospp-devel Operating systems & Components / Operating system package or component libcephfs2 Operating systems & Components / Operating system package or component python3-cephfs Operating systems & Components / Operating system package or component libradosstriper-devel Operating systems & Components / Operating system package or component python3-rgw Operating systems & Components / Operating system package or component libcephfs-devel Operating systems & Components / Operating system package or component librados2 Operating systems & Components / Operating system package or component ceph-mgr Operating systems & Components / Operating system package or component ceph-resource-agents Operating systems & Components / Operating system package or component ceph-common Operating systems & Components / Operating system package or component rbd-fuse Operating systems & Components / Operating system package or component ceph-fuse Operating systems & Components / Operating system package or component python3-rbd Operating systems & Components / Operating system package or component ceph-base Operating systems & Components / Operating system package or component librgw-devel Operating systems & Components / Operating system package or component ceph-mon Operating systems & Components / Operating system package or component ceph-test Operating systems & Components / Operating system package or component ceph-debugsource Operating systems & Components / Operating system package or component rbd-nbd Operating systems & Components / Operating system package or component librados-devel Operating systems & Components / Operating system package or component python3-rados Operating systems & Components / Operating system package or component ceph-immutable-object-cache Operating systems & Components / Operating system package or component ceph-osd Operating systems & Components / Operating system package or component ceph-radosgw Operating systems & Components / Operating system package or component libcephsqlite Operating systems & Components / Operating system package or component ceph Operating systems & Components / Operating system package or component |
| Vendor | openEuler |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU66440
Risk: Medium
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-0670
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote user to escalate privileges on the system.
The vulnerability exists due to an error within the "volumes" plugin in Ceph Manager. The Openstack manilla owning a Ceph File system "share" enables the owner to read/write any manilla share or entire file system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS
ceph-mgr-cephadm: before 16.2.7-10
ceph-mgr-modules-core: before 16.2.7-10
ceph-mgr-diskprediction-local: before 16.2.7-10
ceph-mgr-rook: before 16.2.7-10
ceph-grafana-dashboards: before 16.2.7-10
ceph-mgr-dashboard: before 16.2.7-10
cephfs-top: before 16.2.7-10
ceph-prometheus-alerts: before 16.2.7-10
cephadm: before 16.2.7-10
ceph-mgr-k8sevents: before 16.2.7-10
librbd1: before 16.2.7-10
libradosstriper1: before 16.2.7-10
python3-ceph-argparse: before 16.2.7-10
ceph-debuginfo: before 16.2.7-10
libcephsqlite-devel: before 16.2.7-10
ceph-mds: before 16.2.7-10
rados-objclass-devel: before 16.2.7-10
cephfs-mirror: before 16.2.7-10
rbd-mirror: before 16.2.7-10
python3-ceph-common: before 16.2.7-10
librgw2: before 16.2.7-10
librbd-devel: before 16.2.7-10
ceph-selinux: before 16.2.7-10
libradospp-devel: before 16.2.7-10
libcephfs2: before 16.2.7-10
python3-cephfs: before 16.2.7-10
libradosstriper-devel: before 16.2.7-10
python3-rgw: before 16.2.7-10
libcephfs-devel: before 16.2.7-10
librados2: before 16.2.7-10
ceph-mgr: before 16.2.7-10
ceph-resource-agents: before 16.2.7-10
ceph-common: before 16.2.7-10
rbd-fuse: before 16.2.7-10
ceph-fuse: before 16.2.7-10
python3-rbd: before 16.2.7-10
ceph-base: before 16.2.7-10
librgw-devel: before 16.2.7-10
ceph-mon: before 16.2.7-10
ceph-test: before 16.2.7-10
ceph-debugsource: before 16.2.7-10
rbd-nbd: before 16.2.7-10
librados-devel: before 16.2.7-10
python3-rados: before 16.2.7-10
ceph-immutable-object-cache: before 16.2.7-10
ceph-osd: before 16.2.7-10
ceph-radosgw: before 16.2.7-10
libcephsqlite: before 16.2.7-10
ceph: before 16.2.7-10
CPE2.3- cpe:2.3:o:openeuler:openeuler:22.03:LTS:*:*:*:*:*:*
- cpe:2.3:a:openeuler:ceph-mgr-cephadm:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:ceph-mgr-modules-core:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:ceph-mgr-diskprediction-local:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:ceph-mgr-rook:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:ceph-grafana-dashboards:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:ceph-mgr-dashboard:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:cephfs-top:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:ceph-prometheus-alerts:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:cephadm:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:ceph-mgr-k8sevents:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:librbd1:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:libradosstriper1:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:python3-ceph-argparse:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:ceph-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:libcephsqlite-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:ceph-mds:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:rados-objclass-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:cephfs-mirror:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:rbd-mirror:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:python3-ceph-common:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:librgw2:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:librbd-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:ceph-selinux:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:libradospp-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:libcephfs2:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:python3-cephfs:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:libradosstriper-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:python3-rgw:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:libcephfs-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:librados2:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:ceph-mgr:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:ceph-resource-agents:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:ceph-common:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:rbd-fuse:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:ceph-fuse:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:python3-rbd:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:ceph-base:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:librgw-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:ceph-mon:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:ceph-test:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:ceph-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:rbd-nbd:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:librados-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:python3-rados:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:ceph-immutable-object-cache:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:ceph-osd:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:ceph-radosgw:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:libcephsqlite:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:ceph:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-2125
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
