CVE-2020-1700: 
Wolfi vulnerability analysis and mitigation

A flaw was discovered in the Ceph RGW Beast front-end's handling of unexpected disconnects (CVE-2020-1700). The vulnerability was reported in February 2020 and affects Ceph storage systems using the Beast front-end. An authenticated attacker could exploit this vulnerability by making multiple disconnect attempts, resulting in a permanent leak of socket connections by radosgw (NVD, Red Hat).

The vulnerability stems from improper handling of unexpected disconnects in the Ceph RGW Beast front-end. When an authenticated user initiates multiple disconnect attempts, it causes a permanent leak of socket connections in the radosgw process. The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The exploitation of this vulnerability leads to a denial of service condition through the accumulation of CLOSE_WAIT sockets, eventually causing exhaustion of available resources. This prevents legitimate users from connecting to the system. The impact primarily affects the availability of the Ceph RGW service (NVD, OpenSUSE).

As a temporary mitigation, users can switch from Beast to CivetWeb front-end by modifying the /etc/ceph/ceph.conf file. The permanent fix was released in various versions including Ceph 14.2.4-125.el8cp and 14.2.4-51.el7cp. Multiple distributions have released security updates to address this vulnerability, including Ubuntu, Debian, and OpenSUSE (Red Hat, Ubuntu).

Red Hat acknowledged Or Friedman for discovering and reporting this vulnerability. Red Hat also clarified that Red Hat Ceph Storage 3 was not affected as Beast was unsupported in the product, while Red Hat Ceph Storage 4 shipped with a patched version. However, Red Hat Openshift Container Storage 4.2 was affected as it used the vulnerable version of Ceph (Red Hat).