Bug #63004

closed

CVE-2023-43040 - Improperly verified POST keys.

Added by Christian Rohmann 7 months ago. Updated 7 months ago.

Status: Resolved
Priority: Normal
Assignee:
Target version:
% Done: 100%
Source:
Tags: rgw backport_processed
Backport: pacific quincy reef
Regression: No
Severity: 2 - major
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):

Description

There was a post / CVE reported (https://www.openwall.com/lists/oss-security/2023/09/26/10) about a security issue with RGW when dealing with POST keys.
There even is a patch / proposed fix attached to the report.

It seems strange there apparently is no report on this tracker yet?
I took the liberty to raise this now and kindly ask you to clarify if and how this is a real issue and what is happening to get this patched.


Files

s3-tests.patch (2.02 KB), s3test case, Casey Bodley, 09/27/2023 04:55 PM
rgw.patch (1.68 KB), rgw bug fix, Casey Bodley, 09/27/2023 04:55 PM

Related issues 3 (0 open, 3 closed)

Copied to rgw - Backport #63040: pacific: CVE-2023-43040 - Improperly verified POST keys. (Resolved, Casey Bodley)
Copied to rgw - Backport #63041: quincy: CVE-2023-43040 - Improperly verified POST keys. (Resolved, Casey Bodley)
Copied to rgw - Backport #63042: reef: CVE-2023-43040 - Improperly verified POST keys. (Resolved, Casey Bodley)

Updated by Casey Bodley 7 months ago

thanks for creating the tracker issue. i've attached the patch and test cases that were provided with the initial report

Actions #2

Updated by Nicolas Lindae 7 months ago

I believe the attached S3 test is missing the bucket name in the form-data (thereby not actually testing the CVE), i.e. ("bucket", bucket_name) as part of payload

Actions #3

Updated by Casey Bodley 7 months ago

  • Assignee set to Casey Bodley
  • Backport set to pacific quincy reef
Actions #4

Updated by Casey Bodley 7 months ago

Nicolas Lindae wrote:

I believe the attached S3 test is missing the bucket name in the form-data (thereby not actually testing the CVE), i.e. ("bucket", bucket_name) as part of payload

thank you, i'll fix that. no wonder i was having issues reproducing it

Actions #5

Updated by Casey Bodley 7 months ago

  • Status changed from New to Fix Under Review
  • Pull request ID set to 53714
Actions #7

Updated by Casey Bodley 7 months ago

  • Status changed from Fix Under Review to Pending Backport
Actions #8

Updated by Backport Bot 7 months ago

  • Copied to Backport #63040: pacific: CVE-2023-43040 - Improperly verified POST keys. added
Actions #9

Updated by Backport Bot 7 months ago

  • Copied to Backport #63041: quincy: CVE-2023-43040 - Improperly verified POST keys. added
Actions #10

Updated by Backport Bot 7 months ago

  • Copied to Backport #63042: reef: CVE-2023-43040 - Improperly verified POST keys. added
Actions #11

Updated by Backport Bot 7 months ago

  • Tags changed from rgw to rgw backport_processed
Actions #12

Updated by Konstantin Shalygin 7 months ago

  • Status changed from Pending Backport to Resolved
  • Target version set to v19.0.0
  • % Done changed from 0 to 100