CVE-2018-1129

A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.

CVSS v3.0 6.5 MEDIUM
CVSS v2.0 3.3 LOW

6.5^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector : AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability : 2.8 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

3.3^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:A/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 6.5 / Impact : 2.9

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://github.com/ceph/ceph/commit/8f396cf35a3826044b089141667a196454c0a587	Patch Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1576057	Issue Tracking Patch Third Party Advisory
http://tracker.ceph.com/issues/24837	Issue Tracking Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:2179	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2177	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2274	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2261	Third Party Advisory
https://www.debian.org/security/2018/dsa-4339	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html	Third Party Advisory
http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:redhat:ceph_storage_osd:2:::::::*
	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
	cpe:2.3:a:redhat:ceph_storage:1.3:::::::*
	cpe:2.3:a:redhat:ceph_storage:3:::::::*
	cpe:2.3:a:redhat:ceph_storage_mon:2:::::::*
	cpe:2.3:a:redhat:ceph_storage_mon:3:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
	cpe:2.3:a:redhat:ceph_storage_osd:3:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:ceph:ceph:10.2.2:::::::*
	cpe:2.3:a:ceph:ceph:10.2.4:::::::*
	cpe:2.3:a:ceph:ceph:10.2.11:::::::*
	cpe:2.3:a:ceph:ceph:12.2.1:::::::*
	cpe:2.3:a:ceph:ceph:12.2.6:::::::*
	cpe:2.3:a:ceph:ceph:13.2.0:::::::*
	cpe:2.3:a:ceph:ceph:10.2.6:::::::*
	cpe:2.3:a:ceph:ceph:10.2.7:::::::*
	cpe:2.3:a:ceph:ceph:10.2.8:::::::*
	cpe:2.3:a:ceph:ceph:10.2.9:::::::*
	cpe:2.3:a:ceph:ceph:10.2.0:::::::*
	cpe:2.3:a:ceph:ceph:13.2.1:::::::*
	cpe:2.3:a:ceph:ceph:12.2.7:::::::*
	cpe:2.3:a:ceph:ceph:12.2.5:::::::*
	cpe:2.3:a:ceph:ceph:12.2.4:::::::*
	cpe:2.3:a:ceph:ceph:12.2.3:::::::*
	cpe:2.3:a:ceph:ceph:12.2.2:::::::*
	cpe:2.3:a:ceph:ceph:12.2.0:::::::*
	cpe:2.3:a:ceph:ceph:10.2.10:::::::*
	cpe:2.3:a:ceph:ceph:10.2.5:::::::*
	cpe:2.3:a:ceph:ceph:10.2.3:::::::*
	cpe:2.3:a:ceph:ceph:10.2.1:::::::*

Configuration 3 (hide)

OR	cpe:2.3:o:debian:debian_linux:8.0:::::::*
	cpe:2.3:o:debian:debian_linux:9.0:::::::*

Configuration 4 (hide)

cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*

Information

Published : 2018-07-10 07:29

Updated : 2019-08-28 20:15

NVD link : CVE-2018-1129

Mitre link : CVE-2018-1129

JSON object : View

CWE

CWE-287

Improper Authentication

Products Affected

redhat

enterprise_linux_desktop
enterprise_linux
enterprise_linux_workstation
ceph_storage_osd
ceph_storage_mon
ceph_storage
enterprise_linux_server

ceph

ceph

opensuse

leap

debian

debian_linux

6.5 /10

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

3.3 /10

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

JSON object

Attach tags to CVE-2018-1129

6.5^/10

3.3^/10

Attach tags to `CVE-2018-1129`