PT-2015-6400 · Ceph · Ceph-Deploy

Andreas Stieger

Published

2015-06-08

Updated

2024-06-15

CVE-2015-4053

CVSS v2.0

2.1

Low

Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions ceph-deploy versions prior to 1.5.25

Description The issue concerns the admin command in ceph-deploy, which uses world-readable permissions for the /etc/ceph/ceph.client.admin.keyring file. This allows local users to obtain sensitive information by reading the file.

Recommendations For versions prior to 1.5.25, update to version 1.5.25 or later to resolve the issue. As a temporary workaround, consider changing the permissions of the /etc/ceph/ceph.client.admin.keyring file to restrict access until a patch is applied.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2015-4053

GHSA-79JF-CCM8-43W7

OPENSUSE-SU-2024:10213-1

PYSEC-2015-3

RHSA-2015:1092

Affected Products

Ceph-Deploy

PT-2015-6400 · Ceph · Ceph-Deploy

CVE-2015-4053

Weakness Enumeration

Related Identifiers

Affected Products

References · 19