Public Date:
1575866: CVE-2018-1128 ceph: cephx protocol is vulnerable to replay attack
It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to the ceph cluster network who is also able to sniff packets on the network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service.

Find out more about CVE-2018-1128 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v3 metrics

CVSS3 Base Score 5.9
CVSS3 Base Metrics CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L
Attack Vector Adjacent Network
Attack Complexity High
Privileges Required None
User Interaction Required
Scope Unchanged
Confidentiality High
Integrity Impact Low
Availability Impact Low

Red Hat Security Errata

Platform Errata Release Date
Red Hat Ceph Storage 3 for Ubuntu RHSA-2018:2179 2018-07-11
Red Hat Ceph Storage 3 for Red Hat Enterprise Linux 7 (ceph) RHSA-2018:2177 2018-07-11
Red Hat Ceph Storage 2 for Ubuntu RHSA-2018:2274 2018-07-26
Red Hat Ceph Storage Tools 2 (ceph) RHSA-2018:2261 2018-07-26

Affected Packages State

Platform Package State
Red Hat Enterprise Linux 8 ceph Not affected
Red Hat Enterprise Linux 7 ceph-common Affected
Red Hat Ceph Storage 1.3 ceph Will not fix
Last Modified