CVE-2018-1128
First published: Tue May 08 2018(Updated: )
It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/ceph | <2:10.2.10-28.el7c | 2:10.2.10-28.el7c |
| redhat/ceph-ansible | <0:3.0.39-1.el7c | 0:3.0.39-1.el7c |
| redhat/ceph | <2:12.2.4-30.el7c | 2:12.2.4-30.el7c |
| redhat/cephmetrics | <0:1.0.1-1.el7c | 0:1.0.1-1.el7c |
| redhat/nfs-ganesha | <0:2.5.5-6.el7c | 0:2.5.5-6.el7c |
| debian/ceph | 12.2.11+dfsg1-2.1 12.2.11+dfsg1-2.1+deb10u1 14.2.21-1 16.2.11+ds-2 16.2.11+ds-5 | |
| debian/linux | 4.19.249-2 4.19.289-2 5.10.197-1 5.10.191-1 6.1.55-1 6.1.52-1 6.5.6-1 6.5.8-1 | |
| redhat/ceph | <10.2.11 | 10.2.11 |
| redhat/ceph | <12.2.6 | 12.2.6 |
| redhat/ceph | <13.2.1 | 13.2.1 |
| Redhat Ceph Storage | =3 | |
| Redhat Ceph Storage Mon | =2 | |
| Redhat Ceph Storage Mon | =3 | |
| Redhat Ceph Storage Osd | =2 | |
| Redhat Ceph Storage Osd | =3 | |
| Redhat Enterprise Linux | =7.0 | |
| Redhat Enterprise Linux Desktop | =7.0 | |
| Redhat Enterprise Linux Server | =7.0 | |
| Redhat Enterprise Linux Workstation | =7.0 | |
| Redhat Ceph | >=10.2.0<=13.2.1 | |
| Debian Debian Linux | =8.0 | |
| Debian Debian Linux | =9.0 | |
| openSUSE Leap | =15.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html
- http://tracker.ceph.com/issues/24836
- http://www.openwall.com/lists/oss-security/2020/11/17/3
- http://www.openwall.com/lists/oss-security/2020/11/17/4
- https://access.redhat.com/errata/RHSA-2018:2177
- https://access.redhat.com/errata/RHSA-2018:2179
- https://access.redhat.com/errata/RHSA-2018:2261
- https://access.redhat.com/errata/RHSA-2018:2274
- https://bugzilla.redhat.com/show_bug.cgi?id=1575866
- https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468
- https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html
- https://www.debian.org/security/2018/dsa-4339
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1599406
- https://access.redhat.com/security/cve/cve-2018-1128
- https://docs.ceph.com/en/latest/releases/jewel/#v10-2-11-jewel
- https://docs.ceph.com/en/latest/releases/luminous/#v12-2-6-luminous
- https://docs.ceph.com/en/latest/releases/mimic/#v13-2-1-mimic
- https://www.cve.org/CVERecord?id=CVE-2018-1128 https://nvd.nist.gov/vuln/detail/CVE-2018-1128
- https://git.kernel.org/linus/6daca13d2e72bedaaacfc08f873114c9307d5aea
- https://security-tracker.debian.org/tracker/CVE-2018-1128
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is CVE-2018-1128?
CVE-2018-1128 is a vulnerability in the cephx authentication protocol that allows attackers to authenticate with the ceph service and perform unauthorized actions.
How severe is CVE-2018-1128?
CVE-2018-1128 has a severity rating of 7.5 (high).
Which software versions are affected by CVE-2018-1128?
Versions 10.2.11, 12.2.6, and 13.2.1 of the ceph package are affected by CVE-2018-1128.
How can I fix CVE-2018-1128?
The recommended fix for CVE-2018-1128 is to update to version 10.2.11, 12.2.6, or 13.2.1 of the ceph package, depending on your current version.
Where can I find more information about CVE-2018-1128?
You can find more information about CVE-2018-1128 at the following references: [1] http://tracker.ceph.com/issues/24836 [2] https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468 [3] https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1599406
- collector/redhat-cve
- collector/security-tracker-debian
- agent/type
- agent/remedy
- agent/softwarecombine
- agent/first-publish-date
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/description
- agent/tags
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2018-1128
- agent/software-canonical-lookup
- agent/last-modified-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/redhat
- package-manager/debian
- vendor/redhat
- canonical/redhat ceph storage
- version/redhat ceph storage/3
- canonical/redhat ceph storage mon
- version/redhat ceph storage mon/2
- version/redhat ceph storage mon/3
- canonical/redhat ceph storage osd
- version/redhat ceph storage osd/2
- version/redhat ceph storage osd/3
- canonical/redhat enterprise linux
- version/redhat enterprise linux/7.0
- canonical/redhat enterprise linux desktop
- version/redhat enterprise linux desktop/7.0
- canonical/redhat enterprise linux server
- version/redhat enterprise linux server/7.0
- canonical/redhat enterprise linux workstation
- version/redhat enterprise linux workstation/7.0
- canonical/redhat ceph
- version/redhat ceph/10.2.0
- version/redhat ceph/13.2.1
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/8.0
- version/debian debian linux/9.0
- vendor/opensuse
- canonical/opensuse leap
- version/opensuse leap/15.0