PublicDateAtUSN: 2020-01-31
Candidate: CVE-2020-1700
CRD: 2020-01-31
PublicDate: 2020-02-07 21:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1700
 https://ubuntu.com/security/notices/USN-4304-1
Description:
 A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects. An authenticated attacker can abuse this flaw by making multiple disconnect attempts resulting in a permanent leak of a socket connection by radosgw. This flaw could lead to a denial of service condition by pile up of CLOSE_WAIT sockets, eventually leading to the exhaustion of available resources, preventing legitimate users from connecting to the system.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 https://tracker.ceph.com/issues/42531
Priority: medium
Discovered-by: Or Friedman
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H [6.5 MEDIUM]

Patches_ceph:
 upstream: https://github.com/ceph/ceph/commit/ff72c50a2c43c57aead933eb4903ad1ca6d1748a
upstream_ceph: released (14.2.7-1)
precise/esm_ceph: not-affected (code not present)
trusty_ceph: ignored (out of standard support)
trusty/esm_ceph: not-affected (code not present)
xenial_ceph: not-affected (code not present)
esm-infra/xenial_ceph: not-affected (code not present)
bionic_ceph: released (12.2.12-0ubuntu0.18.04.5)
disco_ceph: ignored (reached end-of-life)
eoan_ceph: released (14.2.4-0ubuntu0.19.10.2)
devel_ceph: released (15.1.0-0ubuntu3)