PT-2018-10454 · Ceph+2 · Ceph+2

Siddharth Sharma

Publicado

2018-07-10

Atualizado

2026-02-18

CVE-2018-1129

CVSS v3.1

6.5

Média

Vetor

AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Ceph branches master, mimic, luminous, and jewel are believed to be vulnerable.

Description A flaw was found in the way signature calculation was handled by the cephx authentication protocol. An attacker with access to the Ceph cluster network who can alter the message payload can bypass signature checks done by the cephx protocol.

Recommendations For Ceph branches master, mimic, luminous, and jewel, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Access Control

Improper Authentication

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-284CWE-287

Identificadores relacionados

ALT-PU-2018-2306

ALT-PU-2018-2576

ALT-PU-2018-2795

ALT-PU-2018-2796

ALT-PU-2018-2814

AZL-38221

CVE-2018-1129

DLA-1715-1

DSA-4339-1

DSA-4339-2

MGASA-2018-0487

MGASA-2019-0098

MGASA-2019-0171

OPENSUSE-SU-2018_2283-1

OPENSUSE-SU-2018_2738-1

OPENSUSE-SU-2018_3071-1

OPENSUSE-SU-2019:1284-1

OPENSUSE-SU-2019_1284-1

RHSA-2018:2177

RHSA-2018:2261

SUSE-SU-2018:1920-1

SUSE-SU-2018:2193-1

SUSE-SU-2018:2299-1

SUSE-SU-2018:2478-1

SUSE-SU-2018:2775-1

SUSE-SU-2018:2776-1

SUSE-SU-2018:2858-1

SUSE-SU-2018:2862-1

SUSE-SU-2018:2980-1

SUSE-SU-2018:2981-1

SUSE-SU-2018:3961-1

SUSE-SU-2019:0586-1

SUSE-SU-2019:1287-1

Produtos afetados

Alt Linux

Ceph

Suse

PT-2018-10454 · Ceph+2 · Ceph+2

CVE-2018-1129

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 593