PT-2018-10448 · Red Hat+2 · Ceph+2

Siddharth Sharma

·

Published

2018-07-10

·

Updated

2021-05-27

·

CVE-2018-1128

CVSS v3.1

7.5

High

VectorAV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Ceph branches master, mimic, luminous, and jewel are believed to be vulnerable.
Description The cephx authentication protocol did not correctly verify Ceph clients, making it vulnerable to a replay attack. An attacker with access to the Ceph cluster network who can sniff packets can use this issue to authenticate with the Ceph service and perform actions allowed by the service.
Recommendations For Ceph branches master, mimic, luminous, and jewel, consider restricting access to the Ceph cluster network to minimize the risk of exploitation until a fix is available. As a temporary workaround, review and enhance the authentication mechanisms to prevent replay attacks. Restrict actions allowed by the Ceph service to minimize potential damage from unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-294CWE-287

Related Identifiers

ALT-PU-2018-2306
ALT-PU-2018-2576
ALT-PU-2018-2795
ALT-PU-2018-2796
ALT-PU-2018-2814
ALT-PU-2019-1312
CVE-2018-1128
DLA-1715-1
DSA-4339-1
DSA-4339-2
MGASA-2018-0487
MGASA-2019-0098
MGASA-2019-0171
OPENSUSE-SU-2018_2283-1
OPENSUSE-SU-2018_2738-1
OPENSUSE-SU-2018_3071-1
OPENSUSE-SU-2019:1284-1
OPENSUSE-SU-2019_1284-1
OPENSUSE-SU-2024:10676-1
RHSA-2018:2177
RHSA-2018:2261
SUSE-SU-2018:1920-1
SUSE-SU-2018:2193-1
SUSE-SU-2018:2299-1
SUSE-SU-2018:2478-1
SUSE-SU-2018:2775-1
SUSE-SU-2018:2776-1
SUSE-SU-2018:2858-1
SUSE-SU-2018:2862-1
SUSE-SU-2018:2980-1
SUSE-SU-2018:2981-1
SUSE-SU-2018:3961-1
SUSE-SU-2019:0586-1
SUSE-SU-2019:1287-1

Affected Products

Alt Linux
Ceph
Suse