CVE-2018-1129

LOW

Description

A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.

References

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html

http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html

http://tracker.ceph.com/issues/24837

https://access.redhat.com/errata/RHSA-2018:2177

https://access.redhat.com/errata/RHSA-2018:2179

https://access.redhat.com/errata/RHSA-2018:2261

https://access.redhat.com/errata/RHSA-2018:2274

https://bugzilla.redhat.com/show_bug.cgi?id=1576057

https://github.com/ceph/ceph/commit/8f396cf35a3826044b089141667a196454c0a587

https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html

https://www.debian.org/security/2018/dsa-4339

Details

Source: MITRE

Published: 2018-07-10

Updated: 2019-08-29

Type: CWE-287

Risk Information

CVSS v2.0

Base Score: 3.3

Vector: AV:A/AC:L/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 6.5

Severity: LOW

CVSS v3.0

Base Score: 6.5

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Impact Score: 3.6

Exploitability Score: 2.8

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:redhat:ceph_storage:1.3:*:*:*:*:*:*:*

cpe:2.3:a:redhat:ceph_storage:3:*:*:*:*:*:*:*

cpe:2.3:a:redhat:ceph_storage_mon:2:*:*:*:*:*:*:*

cpe:2.3:a:redhat:ceph_storage_mon:3:*:*:*:*:*:*:*

cpe:2.3:a:redhat:ceph_storage_osd:2:*:*:*:*:*:*:*

cpe:2.3:a:redhat:ceph_storage_osd:3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:ceph:ceph:10.2.0:*:*:*:*:*:*:*

cpe:2.3:a:ceph:ceph:10.2.1:*:*:*:*:*:*:*

cpe:2.3:a:ceph:ceph:10.2.2:*:*:*:*:*:*:*

cpe:2.3:a:ceph:ceph:10.2.3:*:*:*:*:*:*:*

cpe:2.3:a:ceph:ceph:10.2.4:*:*:*:*:*:*:*

cpe:2.3:a:ceph:ceph:10.2.5:*:*:*:*:*:*:*

cpe:2.3:a:ceph:ceph:10.2.6:*:*:*:*:*:*:*

cpe:2.3:a:ceph:ceph:10.2.7:*:*:*:*:*:*:*

cpe:2.3:a:ceph:ceph:10.2.8:*:*:*:*:*:*:*

cpe:2.3:a:ceph:ceph:10.2.9:*:*:*:*:*:*:*

cpe:2.3:a:ceph:ceph:10.2.10:*:*:*:*:*:*:*

cpe:2.3:a:ceph:ceph:10.2.11:*:*:*:*:*:*:*

cpe:2.3:a:ceph:ceph:12.2.0:*:*:*:*:*:*:*

cpe:2.3:a:ceph:ceph:12.2.1:*:*:*:*:*:*:*

cpe:2.3:a:ceph:ceph:12.2.2:*:*:*:*:*:*:*

cpe:2.3:a:ceph:ceph:12.2.3:*:*:*:*:*:*:*

cpe:2.3:a:ceph:ceph:12.2.4:*:*:*:*:*:*:*

cpe:2.3:a:ceph:ceph:12.2.5:*:*:*:*:*:*:*

cpe:2.3:a:ceph:ceph:12.2.6:*:*:*:*:*:*:*

cpe:2.3:a:ceph:ceph:12.2.7:*:*:*:*:*:*:*

cpe:2.3:a:ceph:ceph:13.2.0:*:*:*:*:*:*:*

cpe:2.3:a:ceph:ceph:13.2.1:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*

Tenable Plugins

View all (19 total)

IDNameProductFamilySeverity
132360EulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-2693)NessusHuawei Local Security Checks
high
125282SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1287-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)NessusSuSE Local Security Checks
high
124358openSUSE Security Update : ceph (openSUSE-2019-1284)NessusSuSE Local Security Checks
medium
123329openSUSE Security Update : the Linux Kernel (openSUSE-2019-769)NessusSuSE Local Security Checks
high
122879Debian DLA-1715-1 : linux-4.9 security update (Spectre)NessusDebian Local Security Checks
high
122809SUSE SLED15 / SLES15 Security Update : ceph (SUSE-SU-2019:0586-1)NessusSuSE Local Security Checks
medium
120338Fedora 28 : 1:ceph (2018-327707371e)NessusFedora Local Security Checks
medium
120118SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2018:2980-1)NessusSuSE Local Security Checks
high
118939Debian DSA-4339-1 : ceph - security updateNessusDebian Local Security Checks
medium
117988openSUSE Security Update : the Linux Kernel (openSUSE-2018-1140)NessusSuSE Local Security Checks
high
117800SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2858-1)NessusSuSE Local Security Checks
high
117629SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2018:2776-1)NessusSuSE Local Security Checks
high
117523openSUSE Security Update : the Linux Kernel (openSUSE-2018-1016)NessusSuSE Local Security Checks
high
112079SUSE SLED12 / SLES12 Security Update : ceph (SUSE-SU-2018:2478-1)NessusSuSE Local Security Checks
medium
111635openSUSE Security Update : ceph (openSUSE-2018-854)NessusSuSE Local Security Checks
medium
111559Fedora 27 : 1:ceph (2018-8738f5f4a7)NessusFedora Local Security Checks
medium
111548SUSE SLED12 / SLES12 Security Update : ceph (SUSE-SU-2018:2193-1)NessusSuSE Local Security Checks
medium
111364RHEL 7 : Red Hat Ceph Storage 2.5 (RHSA-2018:2261)NessusRed Hat Local Security Checks
medium
111145RHEL 7 : Red Hat Ceph Storage 3.0 (RHSA-2018:2177)NessusRed Hat Local Security Checks
medium