CVE-2016-5009 : The handle_command function in mon/Monitor.cc in Ceph allows remote authenticate

The handle_command function in mon/Monitor.cc in Ceph allows remote authenticated users to cause a denial of service (segmentation fault and ceph monitor crash) via an (1) empty or (2) crafted prefix.

Published 2016-07-12 19:59:07

Updated 2025-04-12 10:46:41

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Memory CorruptionDenial of service

Products affected by CVE-2016-5009

Redhat » Enterprise Linux Desktop » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Workstation » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Ceph
Versions up to, including, (<=) 0.94.6
cpe:2.3:a:redhat:ceph:*:*:*:*:*:*:*:*
Matching versions
Redhat » Ceph Storage Osd » Version: 1.3
cpe:2.3:a:redhat:ceph_storage_osd:1.3:*:*:*:*:*:*:*
Matching versions
Redhat » Ceph Storage Mon » Version: 1.3
cpe:2.3:a:redhat:ceph_storage_mon:1.3:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux For Scientific Computing » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2016-5009

EPSS FAQ

1.36%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 78 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2016-5009

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.0	MEDIUM	AV:N/AC:L/Au:S/C:N/I:N/A:P	8.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
6.5	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H	2.8	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2016-5009

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2016-5009

http://lists.opensuse.org/opensuse-updates/2016-12/msg00126.html

openSUSE-SU-2016:3201-1: moderate: Security update for ceph
http://tracker.ceph.com/issues/16297

Bug #16297: Monitor die if moncommand without "prefix" item - Ceph - Ceph
Vendor Advisory
https://access.redhat.com/errata/RHSA-2016:1385

RHSA-2016:1385 - Security Advisory - Red Hat Customer Portal
https://github.com/ceph/ceph/pull/9700

mon: Monitor: validate prefix on handle_command() by JiYou · Pull Request #9700 · ceph/ceph · GitHub
https://access.redhat.com/errata/RHSA-2016:1384

RHSA-2016:1384 - Security Advisory - Red Hat Customer Portal
https://github.com/ceph/ceph/commit/957ece7e95d8f8746191fd9629622d4457d690d6

Merge pull request #9700 from JiYou/fix-monitor-crush · ceph/ceph@957ece7 · GitHub

Jump to

Vulnerability Details : CVE-2016-5009

Products affected by CVE-2016-5009

Exploit prediction scoring system (EPSS) score for CVE-2016-5009

CVSS scores for CVE-2016-5009

CWE ids for CVE-2016-5009

References for CVE-2016-5009