Test ID:	1.3.6.1.4.1.25623.1.0.843337
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-3452-1)
Summary:	The remote host is missing an update for the 'ceph' package(s) announced via the USN-3452-1 advisory.
Description:	Summary: The remote host is missing an update for the 'ceph' package(s) announced via the USN-3452-1 advisory. Vulnerability Insight: It was discovered that Ceph incorrectly handled the handle_command function. A remote authenticated user could use this issue to cause Ceph to crash, resulting in a denial of service. (CVE-2016-5009) Rahul Aggarwal discovered that Ceph incorrectly handled the authenticated-read ACL. A remote attacker could possibly use this issue to list bucket contents via a URL. (CVE-2016-7031) Diluga Salome discovered that Ceph incorrectly handled certain POST objects with null conditions. A remote attacker could possibly use this issue to cause Ceph to crash, resulting in a denial of service. (CVE-2016-8626) Yang Liu discovered that Ceph incorrectly handled invalid HTTP Origin headers. A remote attacker could possibly use this issue to cause Ceph to crash, resulting in a denial of service. (CVE-2016-9579) Affected Software/OS: 'ceph' package(s) on Ubuntu 14.04. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-5009 RHSA-2016:1384 https://access.redhat.com/errata/RHSA-2016:1384 RHSA-2016:1385 https://access.redhat.com/errata/RHSA-2016:1385 http://tracker.ceph.com/issues/16297 https://github.com/ceph/ceph/commit/957ece7e95d8f8746191fd9629622d4457d690d6 https://github.com/ceph/ceph/pull/9700 openSUSE-SU-2016:3201 http://lists.opensuse.org/opensuse-updates/2016-12/msg00126.html Common Vulnerability Exposure (CVE) ID: CVE-2016-7031 93240 http://www.securityfocus.com/bid/93240 RHSA-2016:1972 http://rhn.redhat.com/errata/RHSA-2016-1972.html RHSA-2016:1973 http://rhn.redhat.com/errata/RHSA-2016-1973.html http://docs.ceph.com/docs/master/release-notes/#v10-0-1 http://tracker.ceph.com/issues/13207 https://github.com/ceph/ceph/pull/6057 Common Vulnerability Exposure (CVE) ID: CVE-2016-8626 BugTraq ID: 94488 http://www.securityfocus.com/bid/94488 RedHat Security Advisories: RHSA-2016:2815 http://rhn.redhat.com/errata/RHSA-2016-2815.html RedHat Security Advisories: RHSA-2016:2816 http://rhn.redhat.com/errata/RHSA-2016-2816.html RedHat Security Advisories: RHSA-2016:2847 http://rhn.redhat.com/errata/RHSA-2016-2847.html RedHat Security Advisories: RHSA-2016:2848 http://rhn.redhat.com/errata/RHSA-2016-2848.html Common Vulnerability Exposure (CVE) ID: CVE-2016-9579 94936 http://www.securityfocus.com/bid/94936 RHSA-2016:2954 http://rhn.redhat.com/errata/RHSA-2016-2954.html RHSA-2016:2956 http://rhn.redhat.com/errata/RHSA-2016-2956.html RHSA-2016:2994 http://rhn.redhat.com/errata/RHSA-2016-2994.html RHSA-2016:2995 http://rhn.redhat.com/errata/RHSA-2016-2995.html http://tracker.ceph.com/issues/18187 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9579
Copyright	Copyright (C) 2017 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.