CVE-2018-1128

NameCVE-2018-1128
DescriptionIt was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-1715-1, DSA-4339-1
NVD severitymedium
Debian Bugs913471

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
ceph (PTS)stretch (security), stretch10.2.11-2fixed
buster12.2.11+dfsg1-2.1fixed
bullseye, sid14.2.9-1fixed
linux (PTS)stretch4.9.210-1fixed
stretch (security)4.9.210-1+deb9u1fixed
buster4.19.118-2fixed
buster (security)4.19.118-2+deb10u1fixed
bullseye, sid5.7.6-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
cephsource(unstable)12.2.8+dfsg1-1913471
cephsourcestretch10.2.11-1DSA-4339-1
linuxsource(unstable)4.19.9-1
linuxsourcestretch4.9.144-1
linux-4.9sourcejessie4.9.144-3.1~deb8u1DLA-1715-1

Notes

[jessie] - linux <ignored> (Protocol change is too difficult)
https://git.kernel.org/linus/6daca13d2e72bedaaacfc08f873114c9307d5aea
[jessie] - ceph <no-dsa> (Intrusive changes)
http://tracker.ceph.com/issues/24836
https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468

Search for package or bug name: Reporting problems