CVE-2016-5009
Summary
| CVE | CVE-2016-5009 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2016-07-12 19:59:00 UTC |
| Updated | 2023-02-12 23:22:00 UTC |
| Description | The handle_command function in mon/Monitor.cc in Ceph allows remote authenticated users to cause a denial of service (segmentation fault and ceph monitor crash) via an (1) empty or (2) crafted prefix. |
Risk And Classification
Problem Types: CWE-20
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Redhat | Ceph | All | All | All | All |
| Application | Redhat | Ceph Storage Mon | 1.3 | All | All | All |
| Application | Redhat | Ceph Storage Mon | 1.3 | All | All | All |
| Application | Redhat | Ceph Storage Osd | 1.3 | All | All | All |
| Application | Redhat | Ceph Storage Osd | 1.3 | All | All | All |
| Operating System | Redhat | Enterprise Linux Desktop | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Desktop | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux For Scientific Computing | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux For Scientific Computing | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Workstation | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Workstation | 7.0 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| Merge pull request #9700 from JiYou/fix-monitor-crush · ceph/ceph@957ece7 · GitHub | CONFIRM | github.com | |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| Bug #16297: Monitor die if moncommand without "prefix" item - Ceph - Ceph | CONFIRM | tracker.ceph.com | Vendor Advisory |
| openSUSE-SU-2016:3201-1: moderate: Security update for ceph | SUSE | lists.opensuse.org | |
| CVE-2016-5009 - Red Hat Customer Portal | MISC | access.redhat.com | |
| mon: Monitor: validate prefix on handle_command() by JiYou · Pull Request #9700 · ceph/ceph · GitHub | CONFIRM | github.com | |
| 1351453 – (CVE-2016-5009) CVE-2016-5009 Ceph monitor crash: mon_command crashes ceph monitors on receiving empty prefix | MISC | bugzilla.redhat.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.