PT-2018-10448 · Red Hat+2 · Ceph+2

Siddharth Sharma

·

Publicado

2018-07-10

·

Atualizado

2021-05-27

·

CVE-2018-1128

CVSS v3.1

7.5

Alta

VetorAV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Ceph branches master, mimic, luminous, and jewel are believed to be vulnerable.
Description The cephx authentication protocol did not correctly verify Ceph clients, making it vulnerable to a replay attack. An attacker with access to the Ceph cluster network who can sniff packets can use this issue to authenticate with the Ceph service and perform actions allowed by the service.
Recommendations For Ceph branches master, mimic, luminous, and jewel, consider restricting access to the Ceph cluster network to minimize the risk of exploitation until a fix is available. As a temporary workaround, review and enhance the authentication mechanisms to prevent replay attacks. Restrict actions allowed by the Ceph service to minimize potential damage from unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Authentication

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-294CWE-287

Identificadores relacionados

ALT-PU-2018-2306
ALT-PU-2018-2576
ALT-PU-2018-2795
ALT-PU-2018-2796
ALT-PU-2018-2814
ALT-PU-2019-1312
CVE-2018-1128
DLA-1715-1
DSA-4339-1
DSA-4339-2
MGASA-2018-0487
MGASA-2019-0098
MGASA-2019-0171
OPENSUSE-SU-2018_2283-1
OPENSUSE-SU-2018_2738-1
OPENSUSE-SU-2018_3071-1
OPENSUSE-SU-2019:1284-1
OPENSUSE-SU-2019_1284-1
OPENSUSE-SU-2024:10676-1
RHSA-2018:2177
RHSA-2018:2261
SUSE-SU-2018:1920-1
SUSE-SU-2018:2193-1
SUSE-SU-2018:2299-1
SUSE-SU-2018:2478-1
SUSE-SU-2018:2775-1
SUSE-SU-2018:2776-1
SUSE-SU-2018:2858-1
SUSE-SU-2018:2862-1
SUSE-SU-2018:2980-1
SUSE-SU-2018:2981-1
SUSE-SU-2018:3961-1
SUSE-SU-2019:0586-1
SUSE-SU-2019:1287-1

Produtos afetados

Alt Linux
Ceph
Suse