CVE-2018-1128

NameCVE-2018-1128
DescriptionIt was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-1715-1, DSA-4339-1
Debian Bugs913471

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
ceph (PTS)bullseye14.2.21-1fixed
bookworm16.2.11+ds-2fixed
trixie18.2.4+ds-9fixed
sid18.2.4+ds-10fixed
linux (PTS)bullseye5.10.223-1fixed
bullseye (security)5.10.226-1fixed
bookworm6.1.115-1fixed
bookworm (security)6.1.112-1fixed
trixie6.11.7-1fixed
sid6.11.9-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
cephsourcestretch10.2.11-1DSA-4339-1
cephsource(unstable)12.2.8+dfsg1-1913471
linuxsourcestretch4.9.144-1
linuxsource(unstable)4.19.9-1
linux-4.9sourcejessie4.9.144-3.1~deb8u1DLA-1715-1

Notes

[jessie] - linux <ignored> (Protocol change is too difficult)
https://git.kernel.org/linus/6daca13d2e72bedaaacfc08f873114c9307d5aea
[jessie] - ceph <no-dsa> (Intrusive changes)
http://tracker.ceph.com/issues/24836
https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468

Search for package or bug name: Reporting problems