CVE-2018-1129

A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
ADJACENT_NETWORK
LOW
NONE
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 48%
VendorProductVersion
redhatceph_storage
1.3
redhatenterprise_linux
7.0
redhatenterprise_linux_desktop
7.0
redhatenterprise_linux_server
7.0
redhatenterprise_linux_workstation
7.0
cephceph
10.2.0
cephceph
10.2.1
cephceph
10.2.2
cephceph
10.2.3
cephceph
10.2.4
cephceph
10.2.5
cephceph
10.2.6
cephceph
10.2.7
cephceph
10.2.8
cephceph
10.2.9
cephceph
10.2.10
cephceph
10.2.11
cephceph
12.2.0
cephceph
12.2.1
cephceph
12.2.2
cephceph
12.2.3
cephceph
12.2.4
cephceph
12.2.5
cephceph
12.2.6
cephceph
12.2.7
cephceph
13.2.0
cephceph
13.2.1
debiandebian_linux
8.0
debiandebian_linux
9.0
opensuseleap
15.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ceph
bullseye
14.2.21-1
fixed
jessie
no-dsa
bookworm
16.2.11+ds-2
fixed
sid
18.2.4+ds-7
fixed
trixie
18.2.4+ds-7
fixed
linux
bullseye
5.10.223-1
fixed
jessie
no-dsa
bullseye (security)
5.10.226-1
fixed
bookworm
6.1.106-3
fixed
bookworm (security)
6.1.112-1
fixed
trixie
6.11.5-1
fixed
sid
6.11.6-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ceph
noble
not-affected
mantic
not-affected
lunar
not-affected
kinetic
not-affected
jammy
not-affected
impish
not-affected
hirsute
not-affected
groovy
not-affected
focal
not-affected
eoan
not-affected
disco
not-affected
cosmic
not-affected
bionic
not-affected
artful
ignored
xenial
not-affected
trusty
needed
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html
http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html
http://tracker.ceph.com/issues/24837
https://access.redhat.com/errata/RHSA-2018:2177
https://access.redhat.com/errata/RHSA-2018:2179
https://access.redhat.com/errata/RHSA-2018:2261
https://access.redhat.com/errata/RHSA-2018:2274
https://bugzilla.redhat.com/show_bug.cgi?id=1576057
https://github.com/ceph/ceph/commit/8f396cf35a3826044b089141667a196454c0a587
https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html
https://www.debian.org/security/2018/dsa-4339
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html
http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html
http://tracker.ceph.com/issues/24837
https://access.redhat.com/errata/RHSA-2018:2177
https://access.redhat.com/errata/RHSA-2018:2179
https://access.redhat.com/errata/RHSA-2018:2261
https://access.redhat.com/errata/RHSA-2018:2274
https://bugzilla.redhat.com/show_bug.cgi?id=1576057
https://github.com/ceph/ceph/commit/8f396cf35a3826044b089141667a196454c0a587
https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html
https://www.debian.org/security/2018/dsa-4339