Bug 1069253 - VUL-0: CVE-2017-16818: ceph: Failed assertion through user input
Status: RESOLVED DUPLICATE of bug 1063014
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Assigned To: Nathan Cutler
Security Team bot
https://smash.suse.de/issue/195392/
CVSSv3:RedHat:CVE-2017-16818:5.3:(AV...
Reported: 2017-11-21 16:06 UTC by Johannes Segitz
Modified: 2018-01-11 20:25 UTC
Found By: Security Response Team
Description Johannes Segitz 2017-11-21 16:06:23 UTC
rh#1515872

A flaw was discovered in ceph. An assertion in rgw_iam_policy.cc can be reached by user input and fail through data passed in from a REST call, causing it to crash.

Upstream patch:

https://github.com/ceph/ceph/commit/b3118cabb8060a8cc6a01c4e8264cb18e7b1745a

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1515872
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16818
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16818
Comment 1 Nathan Cutler 2017-11-21 16:12:11 UTC
@Johannes, is this the same as Bug 1063014?
Comment 2 Johannes Segitz 2017-11-22 09:16:35 UTC
(In reply to Nathan Cutler from comment #1)
Yes, I knew this looked familiar but I couldn't place it anymore. Thanks for the hint.
Comment 3 Johannes Segitz 2017-11-22 09:17:25 UTC
as remembered by Nathan

*** This bug has been marked as a duplicate of bug 1063014 ***