CVE-2018-1128

NameCVE-2018-1128
DescriptionIt was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium (attack range: remote)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
ceph (PTS)jessie0.80.7-2+deb8u2vulnerable
buster, sid, stretch10.2.5-7.2vulnerable
linux (PTS)jessie3.16.56-1+deb8u1vulnerable
jessie (security)3.16.57-2vulnerable
stretch4.9.110-1vulnerable
stretch (security)4.9.110-3+deb9u4vulnerable
buster4.18.6-1vulnerable
sid4.18.8-1vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
cephsource(unstable)(unfixed)medium
linuxsource(unstable)(unfixed)medium

Notes

[jessie] - linux <ignored> (Protocol change is too difficult)
https://git.kernel.org/linus/6daca13d2e72bedaaacfc08f873114c9307d5aea
[jessie] - ceph <no-dsa> (Intrusive changes)
http://tracker.ceph.com/issues/24836
https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468

Search for package or bug name: Reporting problems