CVE-2018-1128
See a problem?- Source
- https://nvd.nist.gov/vuln/detail/CVE-2018-1128
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-1128.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2018-1128
- Related
- Published
- 2018-07-10T14:29:00Z
- Modified
- 2024-09-11T04:24:39.219448Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.
- References
-
- http://tracker.ceph.com/issues/24836
- https://access.redhat.com/errata/RHSA-2018:2177
- https://access.redhat.com/errata/RHSA-2018:2179
- https://access.redhat.com/errata/RHSA-2018:2261
- https://access.redhat.com/errata/RHSA-2018:2274
- https://www.debian.org/security/2018/dsa-4339
- https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1575866
- https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html
- http://www.openwall.com/lists/oss-security/2020/11/17/3
- http://www.openwall.com/lists/oss-security/2020/11/17/4
- https://security-tracker.debian.org/tracker/CVE-2018-1128
Affected packages
Debian:11 / ceph
Package
- Name
- ceph
- Purl
- pkg:deb/debian/ceph?arch=source
Debian:12 / ceph
Package
- Name
- ceph
- Purl
- pkg:deb/debian/ceph?arch=source
Debian:13 / ceph
Package
- Name
- ceph
- Purl
- pkg:deb/debian/ceph?arch=source
Debian:11 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:12 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Git / github.com/ceph/ceph
Affected ranges
- Type
- GIT
- Repo
- https://github.com/ceph/ceph
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
mark-v0.*
mark-v0.70-wip
v0.*
v0.1
v0.10
v0.11
v0.12
v0.13
v0.14
v0.15
v0.16
v0.16.1
v0.17
v0.18
v0.19
v0.2
v0.20
v0.21
v0.21.1
v0.21.2
v0.21.3
v0.22
v0.22.1
v0.22.2
v0.23
v0.23.1
v0.23.2
v0.24
v0.24.1
v0.24.2
v0.24.3
v0.25
v0.25.1
v0.25.2
v0.26
v0.27
v0.27.1
v0.28
v0.28.1
v0.28.2
v0.29
v0.29.1
v0.3
v0.30
v0.31
v0.32
v0.33
v0.34
v0.35
v0.36
v0.37
v0.38
v0.39
v0.4
v0.40
v0.41
v0.42
v0.42.1
v0.42.2
v0.43
v0.44
v0.44.1
v0.44.2
v0.45
v0.46
v0.47
v0.47.1
v0.47.2
v0.47.3
v0.48argonaut
v0.49
v0.5
v0.50
v0.51
v0.52
v0.53
v0.54
v0.55
v0.55.1
v0.56
v0.57
v0.58
v0.59
v0.6
v0.60
v0.61
v0.62
v0.63
v0.64
v0.65
v0.66
v0.67
v0.67-rc1
v0.67-rc2
v0.67-rc3
v0.68
v0.69
v0.7
v0.7.1
v0.7.2
v0.7.3
v0.70
v0.71
v0.72
v0.72-rc1
v0.73
v0.74
v0.75
v0.76
v0.77
v0.78
v0.79
v0.8
v0.80
v0.80-rc1
v0.81
v0.82
v0.83
v0.84
v0.85
v0.86
v0.87
v0.88
v0.89
v0.9
v0.90
v0.91
v0.92
v0.93
v0.94
v10.*
v10.0.0
v10.0.1
v10.0.2
v10.0.3
v10.0.4
v10.0.5
v10.1.0
v10.1.1
v10.1.2
v10.2.0
v11.*
v11.0.0
v11.0.1
v11.0.2
v11.1.0
v12.*
v12.0.0
v12.0.1
v12.0.2
v12.0.3
v12.1.0
v12.1.1
v12.1.2
v12.1.3
v12.1.4
v12.2.0
v12.2.1
v12.2.2
v12.2.3
v12.2.4
v12.2.5
v9.*
v9.0.0
v9.0.1
v9.0.2
v9.0.3
v9.1.0
v9.2.0