High severity7.5NVD Advisory· Published Jul 10, 2018· Updated Jun 17, 2026
CVE-2018-1128
CVE-2018-1128
Description
It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
73- osv-coords71 versionspkg:rpm/opensuse/ceph&distro=openSUSE%20Leap%2015.0pkg:rpm/opensuse/ceph-test&distro=openSUSE%20Leap%2015.0pkg:rpm/suse/ceph&distro=SUSE%20Enterprise%20Storage%204pkg:rpm/suse/ceph&distro=SUSE%20Enterprise%20Storage%205pkg:rpm/suse/ceph&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/ceph&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015pkg:rpm/suse/ceph&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/ceph&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/ceph&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3pkg:rpm/suse/ceph-test&distro=SUSE%20Enterprise%20Storage%204pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/kernel-default&distro=SUSE%20Enterprise%20Storage%204pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012%20SP2pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012%20SP3pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSSpkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP3pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015pkg:rpm/suse/kernel-default&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/kernel-docs-azure&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3pkg:rpm/suse/kernel-livepatch-SLE15_Update_5&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3pkg:rpm/suse/kernel-rt_debug&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2012%20SP3pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2012%20SP3pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/kernel-source&distro=SUSE%20Enterprise%20Storage%204pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSSpkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/kernel-source&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2012%20SP3pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/kernel-syms&distro=SUSE%20Enterprise%20Storage%204pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSSpkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/kernel-syms&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/kernel-syms-rt&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2012%20SP3pkg:rpm/suse/kernel-vanilla&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015pkg:rpm/suse/kernel-zfcpdump&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015pkg:rpm/suse/kgraft-patch-SLE12-SP2_Update_29&distro=SUSE%20Enterprise%20Storage%204pkg:rpm/suse/kgraft-patch-SLE12-SP2_Update_29&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSSpkg:rpm/suse/kgraft-patch-SLE12-SP2_Update_29&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/kgraft-patch-SLE12-SP2_Update_29&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/kgraft-patch-SLE12-SP3_Update_17&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP3
< 13.2.4.125+gad802694f5-lp150.2.3.1+ 70 more
- (no CPE)range: < 13.2.4.125+gad802694f5-lp150.2.3.1
- (no CPE)range: < 13.2.4.125+gad802694f5-lp150.2.3.1
- (no CPE)range: < 10.2.11+git.1531487710.3a12911a2e-12.14.2
- (no CPE)range: < 12.2.5+git.1530082629.8cbf63d997-2.16.1
- (no CPE)range: < 12.2.7+git.1531910353.c0ef85b854-2.12.1
- (no CPE)range: < 13.2.4.125+gad802694f5-3.7.2
- (no CPE)range: < 12.2.7+git.1531910353.c0ef85b854-2.12.1
- (no CPE)range: < 12.2.7+git.1531910353.c0ef85b854-2.12.1
- (no CPE)range: < 12.2.7+git.1531910353.c0ef85b854-2.12.1
- (no CPE)range: < 10.2.11+git.1531487710.3a12911a2e-12.14.2
- (no CPE)range: < 4.12.14-5.16.1
- (no CPE)range: < 4.4.155-4.16.1
- (no CPE)range: < 4.4.155-4.16.1
- (no CPE)range: < 4.4.121-92.109.2
- (no CPE)range: < 4.4.155-94.50.1
- (no CPE)range: < 4.4.121-92.109.2
- (no CPE)range: < 4.4.155-94.50.1
- (no CPE)range: < 4.12.14-25.19.1
- (no CPE)range: < 4.12.14-25.19.1
- (no CPE)range: < 4.12.14-25.19.1
- (no CPE)range: < 4.12.14-25.19.1
- (no CPE)range: < 4.4.121-92.109.2
- (no CPE)range: < 4.4.121-92.109.2
- (no CPE)range: < 4.4.155-94.50.1
- (no CPE)range: < 4.4.121-92.109.2
- (no CPE)range: < 4.4.155-94.50.1
- (no CPE)range: < 4.4.155-94.50.1
- (no CPE)range: < 4.12.14-25.19.1
- (no CPE)range: < 4.4.121-92.109.2
- (no CPE)range: < 4.4.155-4.16.1
- (no CPE)range: < 4.12.14-25.19.1
- (no CPE)range: < 4.4.155-94.50.1
- (no CPE)range: < 1-1.3.1
- (no CPE)range: < 4.12.14-25.19.1
- (no CPE)range: < 4.4.155-94.50.1
- (no CPE)range: < 4.4.155-3.23.1
- (no CPE)range: < 4.4.155-3.23.1
- (no CPE)range: < 4.12.14-5.16.1
- (no CPE)range: < 4.4.155-4.16.1
- (no CPE)range: < 4.4.155-4.16.1
- (no CPE)range: < 4.4.121-92.109.2
- (no CPE)range: < 4.4.155-94.50.1
- (no CPE)range: < 4.12.14-25.19.1
- (no CPE)range: < 4.12.14-25.19.1
- (no CPE)range: < 4.4.121-92.109.2
- (no CPE)range: < 4.4.121-92.109.2
- (no CPE)range: < 4.4.155-94.50.1
- (no CPE)range: < 4.4.121-92.109.2
- (no CPE)range: < 4.4.155-94.50.1
- (no CPE)range: < 4.4.121-92.109.2
- (no CPE)range: < 4.4.155-3.23.1
- (no CPE)range: < 4.12.14-5.16.1
- (no CPE)range: < 4.4.155-4.16.1
- (no CPE)range: < 4.4.155-4.16.1
- (no CPE)range: < 4.4.121-92.109.2
- (no CPE)range: < 4.4.155-94.50.1
- (no CPE)range: < 4.12.14-25.19.1
- (no CPE)range: < 4.4.121-92.109.2
- (no CPE)range: < 4.4.121-92.109.2
- (no CPE)range: < 4.4.155-94.50.1
- (no CPE)range: < 4.4.121-92.109.2
- (no CPE)range: < 4.4.155-94.50.1
- (no CPE)range: < 4.4.121-92.109.2
- (no CPE)range: < 4.4.155-3.23.1
- (no CPE)range: < 4.12.14-25.19.1
- (no CPE)range: < 4.12.14-25.19.1
- (no CPE)range: < 1-3.5.2
- (no CPE)range: < 1-3.5.2
- (no CPE)range: < 1-3.5.2
- (no CPE)range: < 1-3.5.2
- (no CPE)range: < 1-4.3.1
- Red Hat, Inc./cephv5Range: All versions in branches master, mimic, luminous and jewel
Patches
Vulnerability mechanics
References
12- bugzilla.redhat.com/show_bug.cginvdIssue TrackingPatchThird Party Advisory
- github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468nvdPatchThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.htmlnvdThird Party Advisory
- tracker.ceph.com/issues/24836nvdIssue TrackingVendor Advisory
- access.redhat.com/errata/RHSA-2018:2177nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2018:2179nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2018:2261nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2018:2274nvdThird Party Advisory
- lists.debian.org/debian-lts-announce/2019/03/msg00017.htmlnvdMailing ListThird Party Advisory
- www.debian.org/security/2018/dsa-4339nvdThird Party Advisory
- www.openwall.com/lists/oss-security/2020/11/17/3nvd
- www.openwall.com/lists/oss-security/2020/11/17/4nvd
News mentions
0No linked articles in our index yet.