CVE-2019-3821
First published: Thu Dec 06 2018(Updated: )
A flaw was found in rados gateway shipped as part of ceph. Unclosed file descriptors while denying TCP connections to SSL serving port pile up until exhaustion of resources leading to potencial remote denial of service.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ceph Civetweb | ||
| Canonical Ubuntu Linux | =16.04 | |
| Canonical Ubuntu Linux | =18.10 | |
| Canonical Ubuntu Linux | =19.04 | |
| debian/ceph | 14.2.21-1 16.2.11+ds-2 18.2.4+ds-7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3821
- https://github.com/ceph/civetweb/pull/33
- https://usn.ubuntu.com/4035-1/
- https://launchpad.net/bugs/cve/CVE-2019-3821
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1674929
- https://bugzilla.redhat.com/show_bug.cgi?id=1656852
- https://security-tracker.debian.org/tracker/CVE-2019-3821
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3821
- https://nvd.nist.gov/vuln/detail/CVE-2019-3821
- https://ubuntu.com/security/CVE-2019-3821
Frequently Asked Questions
What is CVE-2019-3821?
CVE-2019-3821 is a vulnerability found in the way civetweb frontend handles requests for ceph RGW server with SSL enabled, allowing an unauthenticated attacker to create multiple connections and exhaust file descriptors, leading to a remote denial of service.
Which software is affected by CVE-2019-3821?
The software affected by CVE-2019-3821 includes Ceph Civetweb, Canonical Ubuntu Linux 16.04 LTS, Canonical Ubuntu Linux 18.10, and Canonical Ubuntu Linux 19.04.
What is the severity of CVE-2019-3821?
CVE-2019-3821 has a severity rating of 7.5 (High).
How can I fix CVE-2019-3821 on Ubuntu?
To fix CVE-2019-3821 on Ubuntu, you can update the ceph package to version 13.2.4+dfsg1-0ubuntu0.18.10.2 for Ubuntu 18.10 (Cosmic) or version 13.2.4+dfsg1-0ubuntu2.1 for Ubuntu 19.04 (Disco).
Are there any references for CVE-2019-3821?
Yes, you can find references for CVE-2019-3821 at the following links: [Bugzilla Red Hat](https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3821), [GitHub](https://github.com/ceph/civetweb/pull/33), [Ubuntu Security Notice](https://usn.ubuntu.com/4035-1/).
- collector/nvd-index
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2019-3821
- agent/author
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/weakness
- agent/remedy
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/references
- agent/tags
- agent/event
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- collector/usn-cve
- source/Ubuntu
- vendor/ceph
- canonical/ceph civetweb
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/16.04
- version/canonical ubuntu linux/18.10
- version/canonical ubuntu linux/19.04
- package-manager/debian