PT-2018-10454 · Ceph+2 · Ceph+2

Siddharth Sharma

Published

2018-07-10

Updated

2026-02-18

CVE-2018-1129

CVSS v3.1

6.5

Medium

Vector

AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Ceph branches master, mimic, luminous, and jewel are believed to be vulnerable.

Description A flaw was found in the way signature calculation was handled by the cephx authentication protocol. An attacker with access to the Ceph cluster network who can alter the message payload can bypass signature checks done by the cephx protocol.

Recommendations For Ceph branches master, mimic, luminous, and jewel, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Access Control

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-287

Related Identifiers

ALT-PU-2018-2306

ALT-PU-2018-2576

ALT-PU-2018-2795

ALT-PU-2018-2796

ALT-PU-2018-2814

AZL-38221

CVE-2018-1129

DLA-1715-1

DSA-4339-1

DSA-4339-2

MGASA-2018-0487

MGASA-2019-0098

MGASA-2019-0171

OPENSUSE-SU-2018_2283-1

OPENSUSE-SU-2018_2738-1

OPENSUSE-SU-2018_3071-1

OPENSUSE-SU-2019:1284-1

OPENSUSE-SU-2019_1284-1

RHSA-2018:2177

RHSA-2018:2261

SUSE-SU-2018:1920-1

SUSE-SU-2018:2193-1

SUSE-SU-2018:2299-1

SUSE-SU-2018:2478-1

SUSE-SU-2018:2775-1

SUSE-SU-2018:2776-1

SUSE-SU-2018:2858-1

SUSE-SU-2018:2862-1

SUSE-SU-2018:2980-1

SUSE-SU-2018:2981-1

SUSE-SU-2018:3961-1

SUSE-SU-2019:0586-1

SUSE-SU-2019:1287-1

Affected Products

Alt Linux

Ceph

Suse

PT-2018-10454 · Ceph+2 · Ceph+2

CVE-2018-1129

Weakness Enumeration

Related Identifiers

Affected Products

References · 593