Bug 997025 - (CVE-2016-7031) VUL-0: CVE-2016-7031: ceph-radosgw: anonymous user authorization bypass
Status: RESOLVED WONTFIX
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Version: unspecified
Hardware: Other / Other
Priority: P3 - Medium
Severity: Normal
Assigned To: Nathan Cutler
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/172327/
Whiteboard: CVSSv2:SUSE:CVE-2016-7031:1.5:(AV:L/A...
Reported: 2016-09-02 07:02 UTC by Victor Pereira
Modified: 2020-06-15 13:27 UTC (History)

Found By: Security Response Team
Description Victor Pereira 2016-09-02 07:02:15 UTC
rh#1372446

Description of problem:

An anonymous S3 user may be able to (incorrectly) list the contents of a bucket which has an authenticated_users=read ACL.


Version-Release number of selected component (if applicable):
1.3.x


Additional info:
This issue corresponds to upstream tracker issue
http://tracker.ceph.com/issues/13207

Fixed on master in
https://github.com/ceph/ceph/pull/6057

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1372446
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7031
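Added illustration (not radosgw code, and not from the report above): a minimal model of S3-style bucket ACL evaluation that shows why an AuthenticatedUsers READ grant must never match a request carrying no credentials, with a `buggy` switch that reproduces the symptom the description names (anonymous bucket listing). The group URIs follow the S3 ACL model; the class and function names are hypothetical.

```python
from dataclasses import dataclass
from typing import List, Optional

# Well-known S3 ACL group URIs (the S3 model; radosgw implements the same groups).
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTHENTICATED_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"

# Permissions that allow listing the objects of a bucket.
LIST_PERMISSIONS = ("READ", "FULL_CONTROL")


@dataclass(frozen=True)
class Grant:
    grantee: str       # canonical user id, or one of the group URIs above
    permission: str    # READ, WRITE, READ_ACP, WRITE_ACP or FULL_CONTROL


@dataclass(frozen=True)
class Requester:
    user_id: Optional[str]   # None: the request carried no valid credentials

    @property
    def anonymous(self) -> bool:
        return self.user_id is None


def grant_applies(grant: Grant, who: Requester, *, buggy: bool = False) -> bool:
    """Does this grant cover the requester?  `buggy=True` models the failure
    class from the bug report (assumed mechanism): the AuthenticatedUsers
    group is treated as matching every requester, anonymous ones included."""
    if grant.grantee == ALL_USERS:
        return True
    if grant.grantee == AUTHENTICATED_USERS:
        # Correct behaviour: membership requires a verified identity.
        return True if buggy else not who.anonymous
    return grant.grantee == who.user_id


def can_list_bucket(acl: List[Grant], who: Requester, *, buggy: bool = False) -> bool:
    """Bucket listing is allowed iff some applicable grant carries READ/FULL_CONTROL."""
    return any(g.permission in LIST_PERMISSIONS and grant_applies(g, who, buggy=buggy)
               for g in acl)


# Constructed sample ACL matching the report: owner plus authenticated_users=read.
BUCKET_ACL = [Grant("owner-canonical-id", "FULL_CONTROL"),
              Grant(AUTHENTICATED_USERS, "READ")]


def regression_check() -> bool:
    """True when anonymous listing is refused and an authenticated user is allowed."""
    anon, alice = Requester(None), Requester("alice-canonical-id")
    return (not can_list_bucket(BUCKET_ACL, anon)) and can_list_bucket(BUCKET_ACL, alice)
```

`regression_check()` is the property a gateway test suite should assert after applying the backport; the `buggy=True` path exists only to make the failing case visible.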
Comment 1 Swamp Workflow Management 2016-09-02 22:00:14 UTC
bugbot adjusting priority
Comment 2 Nathan Cutler 2016-09-11 18:53:46 UTC
Staged hammer backport:

* http://tracker.ceph.com/issues/17150
* https://github.com/ceph/ceph/pull/11045
Comment 3 Nathan Cutler 2016-11-23 05:46:04 UTC
Upstream hammer backport just merged; will be in 0.94.10 release. After that release happens, we'll get it into SES2.1 via a maintenance update.
Comment 6 Nathan Cutler 2017-03-03 10:10:23 UTC
This bug is only present in SES2.1, which went out of maintenance on March 1, 2017.