Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.5
CVSSv3

CVE-2016-5009

Published: 12/07/2016 Updated: 12/02/2023
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 356
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
Subscribe to Enterprise Linux Desktop

Vulnerability Summary

The handle_command function in mon/Monitor.cc in Ceph allows remote authenticated users to cause a denial of service (segmentation fault and ceph monitor crash) via an (1) empty or (2) crafted prefix.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

redhat enterprise linux desktop 7.0

redhat enterprise linux workstation 7.0

redhat ceph storage osd 1.3

redhat ceph storage mon 1.3

redhat enterprise linux for scientific computing 7.0

redhat enterprise linux server 7.0

redhat ceph

Vendor Advisories

Ubuntu Security Notice: ceph vulnerabilities
Several security issues were fixed in Ceph ...
Debian CVElist Bug Report Logs: ceph: CVE-2016-9579
Debian Bug report logs - #849048 ceph: CVE-2016-9579 Package: src:ceph; Maintainer for src:ceph is Ceph Maintainers <ceph-maintainers@listscephcom>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 22 Dec 2016 05:51:02 UTC Severity: important Tags: security, upstream Found in versions ceph/08011- ...
Debian CVElist Bug Report Logs: ceph: CVE-2016-8626: RGW Denial of Service by sending POST object with null conditions
Debian Bug report logs - #844200 ceph: CVE-2016-8626: RGW Denial of Service by sending POST object with null conditions Package: src:ceph; Maintainer for src:ceph is Ceph Maintainers <ceph-maintainers@listscephcom>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 13 Nov 2016 10:12:02 UTC Severity: ...
Debian CVElist Bug Report Logs: ceph: CVE-2016-5009: Ceph monitor crash: mon_command crashes ceph monitors on receiving empty prefix
Debian Bug report logs - #829661 ceph: CVE-2016-5009: Ceph monitor crash: mon_command crashes ceph monitors on receiving empty prefix Package: src:ceph; Maintainer for src:ceph is Ceph Maintainers <ceph-maintainers@listscephcom>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 5 Jul 2016 06:12:11 U ...
Debian CVElist Bug Report Logs: ceph: CVE-2016-7031: rgw: Anonymous user is able to read bucket with authenticated read ACL
Debian Bug report logs - #838026 ceph: CVE-2016-7031: rgw: Anonymous user is able to read bucket with authenticated read ACL Package: src:ceph; Maintainer for src:ceph is Ceph Maintainers <ceph-maintainers@listscephcom>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 16 Sep 2016 15:15:01 UTC Sever ...
Red Hat: CVE-2016-5009
A flaw was found in the way handle_command() function would validate prefix value from user An authenticated attacker could send a specially crafted prefix value resulting in ceph monitor crash ...

References

CWE-20https://github.com/ceph/ceph/commit/957ece7e95d8f8746191fd9629622d4457d690d6http://tracker.ceph.com/issues/16297https://access.redhat.com/errata/RHSA-2016:1384https://github.com/ceph/ceph/pull/9700https://access.redhat.com/errata/RHSA-2016:1385http://lists.opensuse.org/opensuse-updates/2016-12/msg00126.htmlhttps://usn.ubuntu.com/3452-1/https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040privilege escalationCVE-2024-4112CVE-2024-32872man-in-the-middleCVE-2024-32788bypassCVE-2024-3400CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook