CVE-2018-1129
A flaw was found in the way signature calculation was handled by the cephx authentication protocol. An attacker with access to the Ceph cluster network who is able to alter the message payload could bypass the signature checks performed by the cephx protocol.
Find out more about CVE-2018-1129 from the MITRE CVE dictionary and NIST NVD.
CVSS v3 metrics
| CVSS3 Base Score | 5.9 |
|---|---|
| CVSS3 Base Metrics | CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L |
| Attack Vector | Adjacent Network |
| Attack Complexity | High |
| Privileges Required | None |
| User Interaction | Required |
| Scope | Unchanged |
| Confidentiality Impact | High |
| Integrity Impact | Low |
| Availability Impact | Low |
Red Hat Security Errata
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Ceph Storage 3 for Ubuntu | RHSA-2018:2179 | 2018-07-11 |
| Red Hat Enterprise Linux 7 | RHSA-2018:2261 | 2018-07-26 |
| Red Hat Ceph Storage 3 for Red Hat Enterprise Linux 7 | RHSA-2018:2177 | 2018-07-11 |
| Red Hat Ceph Storage 2 for Ubuntu | RHSA-2018:2274 | 2018-07-26 |
| Red Hat Ceph Storage Tools 2 | RHSA-2018:2261 | 2018-07-26 |
Affected Packages State
| Platform | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 7 | ceph-common | Not affected |
| Red Hat Ceph Storage 1.3 | ceph | Affected |
