Date: Sat, 1 Feb 2020 01:17:26 +0530
From: Hardik Vyas <>
Subject: CVE-2020-1700 ceph: connection leak in the RGW Beast front-end
 permits a DoS against the RGW server


A flaw was found in the way the Ceph RGW Beast front-end handles unexpected
An authenticated attacker can abuse this flaw by making multiple disconnect
attempts, resulting in a permanent leak of a socket connection by radosgw.
This flaw could lead to a denial of service condition through a pile-up of
CLOSE_WAIT sockets, eventually exhausting available resources and preventing
legitimate users from connecting to the system.

This flaw affects Nautilus-based versions. If the Beast front end is in use,
switch to CivetWeb to mitigate the issue. Red Hat has assigned CVE-2020-1700
and rated it as Moderate impact.


Credit: Or Friedmann (Red Hat)


Hardik Vyas / Red Hat Product Security

BD48 C633 DE34 733A BBC3  3B72 8A14 AEBB D68B 9381
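
The CLOSE_WAIT pile-up described in the advisory can be watched for on an RGW host. The following is an added example, not part of the original post or of Ceph: it counts CLOSE_WAIT sockets on a listening port from `/proc/net/tcp`-format text. The port 8080, the threshold, the sample rows and all function names are assumptions made for illustration.

```python
import socket
import struct
from collections import Counter

CLOSE_WAIT = 0x08  # TCP_CLOSE_WAIT: peer closed, local process has not

# Constructed sample in /proc/net/tcp layout (trailing columns omitted).
# Local port 0x1F90 = 8080 is an assumed RGW frontend port.
SAMPLE = """\
  sl  local_address rem_address   st
   0: 00000000:1F90 00000000:0000 0A
   1: 0A00000A:1F90 1400000A:C350 01
   2: 0A00000A:1F90 1400000A:C351 08
   3: 0A00000A:1F90 1400000A:C352 08
   4: 0A00000A:1F90 1400000A:C353 08
   5: 0A00000A:1F90 1500000A:D001 08
   6: 0A00000A:0016 1E00000A:E000 08
"""


def parse_tcp_table(text):
    """Yield (local_port, remote_ip, state) for each IPv4 socket row."""
    for line in text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4:
            continue
        local_port = int(fields[1].rsplit(":", 1)[1], 16)
        remote_hex = fields[2].rsplit(":", 1)[0]
        # Addresses are printed as a host-order word; assumes little-endian.
        remote_ip = socket.inet_ntoa(struct.pack("<I", int(remote_hex, 16)))
        yield local_port, remote_ip, int(fields[3], 16)


def close_wait_by_peer(text, port):
    """Count CLOSE_WAIT sockets on `port`, grouped by remote address."""
    counts = Counter()
    for local_port, remote_ip, state in parse_tcp_table(text):
        if local_port == port and state == CLOSE_WAIT:
            counts[remote_ip] += 1
    return counts


def check(text, port, threshold):
    """Return (alert, total, per-peer counts) for one snapshot."""
    counts = close_wait_by_peer(text, port)
    total = sum(counts.values())
    return total >= threshold, total, counts.most_common()


if __name__ == "__main__":
    print(check(SAMPLE, 8080, threshold=3))
```

On a live host, pass the contents of `/proc/net/tcp` instead of `SAMPLE` (this parser handles IPv4 rows only) and compare totals across snapshots, since a leak shows up as a count that keeps growing rather than draining.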
