A flaw was found in Red Hat Ceph before 0.94.9-8. The way Ceph Object Gateway handles POST object requests permits an authenticated attacker to launch a denial of service attack by sending null or specially crafted POST object requests.
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Ceph | Redhat | * | 0.94.3.9-8 (excluding) |
| Ceph | Ubuntu | precise | * |
| Ceph | Ubuntu | trusty | * |
| Red Hat Ceph Storage 1.3 for Red Hat Enterprise Linux 7 | RedHat | ceph-1:0.94.9-8.el7cp | * |
| Red Hat Ceph Storage 1.3 for Ubuntu | RedHat | * | |
| Red Hat Ceph Storage 2 for Red Hat Enterprise Linux 7 | RedHat | calamari-server-0:1.4.9-1.el7cp | * |
| Red Hat Ceph Storage 2 for Red Hat Enterprise Linux 7 | RedHat | ceph-1:10.2.3-13.el7cp | * |
| Red Hat Ceph Storage 2 for Red Hat Enterprise Linux 7 | RedHat | ceph-deploy-0:1.5.36-20.el7cp | * |
| Red Hat Ceph Storage 2 for Red Hat Enterprise Linux 7 | RedHat | ceph-iscsi-config-0:1.5-1.el7cp | * |
| Red Hat Ceph Storage 2 for Red Hat Enterprise Linux 7 | RedHat | ceph-iscsi-tools-0:1.1-1.el7cp | * |
| Red Hat Ceph Storage 2 for Red Hat Enterprise Linux 7 | RedHat | libntirpc-0:1.4.1-1.el7 | * |
| Red Hat Ceph Storage 2 for Red Hat Enterprise Linux 7 | RedHat | nfs-ganesha-0:2.4.0-3.el7cp | * |
| Red Hat Ceph Storage 2 for Ubuntu | RedHat | * |