UBUNTU-CVE-2018-1279

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2018-1279

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-1279.json

JSON Data

https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2018-1279

Related

CVE-2018-1279

Published

2018-12-10T19:29:00Z

Modified

2025-04-10T13:17:00Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Pivotal RabbitMQ for PCF, all versions, uses a deterministically generated cookie that is shared between all machines when configured in a multi-tenant cluster. A remote attacker who can gain information about the network topology can guess this cookie and, if they have access to the right ports on any server in the MQ cluster can use this cookie to gain full control over the entire cluster.

References

Affected packages

Ubuntu:Pro:16.04:LTS / rabbitmq-server

Package

Name: rabbitmq-server
Purl: pkg:deb/ubuntu/rabbitmq-server@3.5.7-1ubuntu0.16.04.4+esm2?arch=source&distro=esm-infra/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.5.4-1

3.5.4-3

3.5.4-3.1

3.5.7-1

3.5.7-1ubuntu0.16.04.1

3.5.7-1ubuntu0.16.04.2

3.5.7-1ubuntu0.16.04.4

3.5.7-1ubuntu0.16.04.4+esm1

3.5.7-1ubuntu0.16.04.4+esm2

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:Pro:18.04:LTS / rabbitmq-server

Package

Name: rabbitmq-server
Purl: pkg:deb/ubuntu/rabbitmq-server@3.6.10-1ubuntu0.5?arch=source&distro=esm-infra/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.6.10-1

3.6.10-1ubuntu0.1

3.6.10-1ubuntu0.3

3.6.10-1ubuntu0.4

3.6.10-1ubuntu0.5

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:20.04:LTS / rabbitmq-server

Package

Name: rabbitmq-server
Purl: pkg:deb/ubuntu/rabbitmq-server@3.8.3-0ubuntu0.3?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.7.8-4ubuntu2

3.7.18-1

3.8.2-0ubuntu1

3.8.2-0ubuntu1.1

3.8.2-0ubuntu1.2

3.8.2-0ubuntu1.3

3.8.2-0ubuntu1.4

3.8.2-0ubuntu1.5

3.8.3-0ubuntu0.1

3.8.3-0ubuntu0.2

3.8.3-0ubuntu0.3

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:22.04:LTS / rabbitmq-server

Package

Name: rabbitmq-server
Purl: pkg:deb/ubuntu/rabbitmq-server@3.9.8-6?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.9.8-6

Affected versions

3.*

3.8.9-3ubuntu1

3.9.8-1

3.9.8-2

3.9.8-3

3.9.8-5

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "low",
    "binaries": [
        {
            "binary_version": "3.9.8-6",
            "binary_name": "rabbitmq-server"
        }
    ]
}