{"id":"USN-3452-1","summary":"ceph vulnerabilities","details":"It was discovered that Ceph incorrectly handled the handle_command\nfunction. A remote authenticated user could use this issue to cause Ceph to\ncrash, resulting in a denial of service. (CVE-2016-5009)\n\nRahul Aggarwal discovered that Ceph incorrectly handled the\nauthenticated-read ACL. A remote attacker could possibly use this issue to\nlist bucket contents via a URL. (CVE-2016-7031)\n\nDiluga Salome discovered that Ceph incorrectly handled certain POST objects\nwith null conditions. A remote attacker could possibly use this issue to\ncause Ceph to crash, resulting in a denial of service. (CVE-2016-8626)\n\nYang Liu discovered that Ceph incorrectly handled invalid HTTP Origin\nheaders. A remote attacker could possibly use this issue to cause Ceph to\ncrash, resulting in a denial of service. (CVE-2016-9579)\n","modified":"2026-02-10T04:41:13Z","published":"2017-10-11T12:07:23Z","related":["UBUNTU-CVE-2016-5009","UBUNTU-CVE-2016-7031","UBUNTU-CVE-2016-8626","UBUNTU-CVE-2016-9579"],"upstream":["CVE-2016-5009","CVE-2016-7031","CVE-2016-8626","CVE-2016-9579","UBUNTU-CVE-2016-5009","UBUNTU-CVE-2016-7031","UBUNTU-CVE-2016-8626","UBUNTU-CVE-2016-9579"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-3452-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-5009"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-7031"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-8626"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-9579"}],"affected":[{"package":{"name":"ceph","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/ceph@0.80.11-0ubuntu1.14.04.3?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.80.11-0ubuntu1.14.04.3"}]}],"versions":["0.67.4-0ubuntu2","0.67.4-0ubuntu3","0.72-0ubuntu1","0.72.1-0ubuntu1","0.72.1-2","0.72.1-3","0.72.2-1","0.72.2-2","0.78-0ubuntu1","0.79-0ubuntu1","0
.80.1-0ubuntu1","0.80.1-0ubuntu1.1","0.80.5-0ubuntu0.14.04.1","0.80.7-0ubuntu0.14.04.1","0.80.9-0ubuntu0.14.04.1","0.80.9-0ubuntu0.14.04.2","0.80.10-0ubuntu0.14.04.1","0.80.10-0ubuntu1.14.04.2","0.80.10-0ubuntu1.14.04.3","0.80.11-0ubuntu1.14.04.1","0.80.11-0ubuntu1.14.04.2"],"ecosystem_specific":{"binaries":[{"binary_version":"0.80.11-0ubuntu1.14.04.3","binary_name":"ceph"},{"binary_version":"0.80.11-0ubuntu1.14.04.3","binary_name":"ceph-common"},{"binary_version":"0.80.11-0ubuntu1.14.04.3","binary_name":"ceph-fs-common"},{"binary_version":"0.80.11-0ubuntu1.14.04.3","binary_name":"ceph-fuse"},{"binary_version":"0.80.11-0ubuntu1.14.04.3","binary_name":"ceph-mds"},{"binary_version":"0.80.11-0ubuntu1.14.04.3","binary_name":"ceph-resource-agents"},{"binary_version":"0.80.11-0ubuntu1.14.04.3","binary_name":"ceph-test"},{"binary_version":"0.80.11-0ubuntu1.14.04.3","binary_name":"libcephfs-dev"},{"binary_version":"0.80.11-0ubuntu1.14.04.3","binary_name":"libcephfs-java"},{"binary_version":"0.80.11-0ubuntu1.14.04.3","binary_name":"libcephfs-jni"},{"binary_version":"0.80.11-0ubuntu1.14.04.3","binary_name":"libcephfs1"},{"binary_version":"0.80.11-0ubuntu1.14.04.3","binary_name":"librados-dev"},{"binary_version":"0.80.11-0ubuntu1.14.04.3","binary_name":"librados2"},{"binary_version":"0.80.11-0ubuntu1.14.04.3","binary_name":"librbd-dev"},{"binary_version":"0.80.11-0ubuntu1.14.04.3","binary_name":"librbd1"},{"binary_version":"0.80.11-0ubuntu1.14.04.3","binary_name":"python-ceph"},{"binary_version":"0.80.11-0ubuntu1.14.04.3","binary_name":"radosgw"},{"binary_version":"0.80.11-0ubuntu1.14.04.3","binary_name":"rbd-fuse"},{"binary_version":"0.80.11-0ubuntu1.14.04.3","binary_name":"rest-bench"}],"availability":"No subscription 
required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3452-1.json","cves_map":{"ecosystem":"Ubuntu:14.04:LTS","cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2016-5009"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2016-7031"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2016-8626"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2016-9579"}]}}}],"schema_version":"1.7.3"}