Ceph RGW Denial-of-Service Vulnerability via Empty x-amz-copy-source Header

A denial-of-service vulnerability has been identified in Ceph's RADOS Gateway (RGW) module, affecting versions through 19.2.3. The issue arises when the `x-amz-copy-source` header is used to copy an object while specifying an empty string as the content. This improper input validation causes the RGW daemon to crash, leading to a service disruption. Notably, this denial-of-service condition can be triggered even during unauthenticated S3 sessions, although AWS credentials are required to create the bucket and source object.

Impact

Exploitation of this vulnerability causes the RGW daemon to crash, making the object storage service unavailable. This disruption affects all object storage operations within RGW, including S3 and Swift interfaces.

Reproduction

The vulnerability can be reproduced by sending a S3 copy object request with the `x-amz-copy-source` header set to an empty string. This can be done using the Python Boto3 SDK by specifying the empty string as the copy source when requesting to put an object.

Remediation

This vulnerability has been patched in Ceph version 8.1z4, which is set to be released this week.