Public Date:
1576057: CVE-2018-1129 ceph: cephx uses weak signatures
A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network, who is able to alter the message payload, was able to bypass signature checks done by cephx protocol.

Find out more about CVE-2018-1129 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v3 metrics

CVSS3 Base Score 5.9
CVSS3 Base Metrics CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L
Attack Vector Adjacent Network
Attack Complexity High
Privileges Required None
User Interaction Required
Scope Unchanged
Confidentiality High
Integrity Impact Low
Availability Impact Low

Red Hat Security Errata

Platform Errata Release Date
Red Hat Ceph Storage 3 for Ubuntu RHSA-2018:2179 2018-07-11
Red Hat Ceph Storage 3 for Red Hat Enterprise Linux 7 (ceph) RHSA-2018:2177 2018-07-11
Red Hat Ceph Storage 2 for Ubuntu RHSA-2018:2274 2018-07-26
Red Hat Ceph Storage Tools 2 (ceph) RHSA-2018:2261 2018-07-26

Affected Packages State

Platform Package State
Red Hat Enterprise Linux 8 ceph Not affected
Red Hat Enterprise Linux 7 ceph-common Affected
Red Hat Ceph Storage 1.3 ceph Affected
Last Modified