CVE-2018-1129

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2018-1129
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-1129.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2018-1129
Downstream
Related
Published
2018-07-10T14:29:00.417Z
Modified
2026-02-08T22:35:53.772773Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.

References

Affected packages

Git / github.com/ceph/ceph

Affected ranges

Type
GIT
Repo
https://github.com/ceph/ceph
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
1d0909a0ace0d739990e3555707f415e61096d9c
Last affected
2dab17a455c09584f2a85e6b10888337d1ec8949
Last affected
2ee413f77150c0f375ff6f10edd6c8f9c7d060d0
Last affected
32ce2a3ae5239ee33d6150705cdb24d43bab910c
Last affected
3a66dd4f30852819c1bdaa8ec23c795d4ad77269
Last affected
3a9fba20ec743699b69bd0181dd6c54dc01c64b9
Last affected
3e7492b9ada8bdc9a5cd0feafd42fbca27f9c38e
Last affected
3ec878d1e53e1aeb47a9f619c49d9e7c0aa384d5
Last affected
45107e21c568dd033c2f0a3107dec8f0b0e58374
Last affected
488df8a1076c4f5fc5b8d18a90463262c438740f
Last affected
50e863e0f4bc8f4b9e31156de690d765af245185
Last affected
52085d5249a80c5f5121a76d6288429f35e4e77b
Last affected
5533ecdc0fda920179d7ad84e0aa65a127b20d77
Last affected
5dc1e4c05cb68dbf62ae6fce3f0700e4654fdbbe
Last affected
656b5b63ed7c43bd014bcafd81b001959d5f089f
Last affected
9411351cc8ce9ee03fbd46225102fe3d28ddf611
Last affected
c461ee19ecbc0c5c330aca20f7392c9a00730367
Last affected
cad919881333ac92274171586c827e01f554a70a
Last affected
cf0baeeeeba3b47f9427c6c97e2144b094b7e5ba
Last affected
e4b061b47f07f583c92a050d9e84b1813a35671e
Last affected
ecc23778eb545d8dd55e2e4735b53cc93f92e65b
Last affected
f38fff5d093da678f6736c7a008511873c8d0fda
Last affected
f5b1f1fd7c0be0506ba73502a675de9d048b744e

Affected versions

mark-v0.*
mark-v0.70-wip
v0.*
v0.1
v0.10
v0.11
v0.12
v0.13
v0.14
v0.15
v0.16
v0.16.1
v0.17
v0.18
v0.19
v0.2
v0.20
v0.21
v0.21.1
v0.21.2
v0.21.3
v0.22
v0.22.1
v0.22.2
v0.23
v0.23.1
v0.23.2
v0.24
v0.24.1
v0.24.2
v0.24.3
v0.25
v0.25.1
v0.25.2
v0.26
v0.27
v0.27.1
v0.28
v0.28.1
v0.28.2
v0.29
v0.29.1
v0.3
v0.30
v0.31
v0.32
v0.33
v0.34
v0.35
v0.36
v0.37
v0.38
v0.39
v0.4
v0.40
v0.41
v0.42
v0.42.1
v0.42.2
v0.43
v0.44
v0.44.1
v0.44.2
v0.45
v0.46
v0.47
v0.47.1
v0.47.2
v0.47.3
v0.48argonaut
v0.49
v0.5
v0.50
v0.51
v0.52
v0.53
v0.54
v0.55
v0.55.1
v0.56
v0.57
v0.58
v0.59
v0.6
v0.60
v0.61
v0.62
v0.63
v0.64
v0.65
v0.66
v0.67
v0.67-rc1
v0.67-rc2
v0.67-rc3
v0.68
v0.69
v0.7
v0.7.1
v0.7.2
v0.7.3
v0.70
v0.71
v0.72
v0.72-rc1
v0.73
v0.74
v0.75
v0.76
v0.77
v0.78
v0.79
v0.8
v0.80
v0.80-rc1
v0.81
v0.82
v0.83
v0.84
v0.85
v0.86
v0.87
v0.88
v0.89
v0.9
v0.90
v0.91
v0.92
v0.93
v0.94
v10.*
v10.0.0
v10.0.1
v10.0.2
v10.0.3
v10.0.4
v10.0.5
v10.1.0
v10.1.1
v10.1.2
v10.2.0
v10.2.1
v10.2.2
v10.2.3
v10.2.4
v10.2.5
v10.2.6
v10.2.7
v10.2.8
v10.2.9
v11.*
v11.0.0
v11.0.1
v11.0.2
v11.1.0
v12.*
v12.0.0
v12.0.1
v12.0.2
v12.0.3
v12.1.0
v12.1.1
v12.1.2
v12.1.3
v12.1.4
v12.2.0
v12.2.1
v12.2.2
v12.2.3
v9.*
v9.0.0
v9.0.1
v9.0.2
v9.0.3
v9.1.0
v9.2.0

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-1129.json"