Unrated severityNVD Advisory· Published Jul 10, 2018· Updated Sep 16, 2024

CVE-2018-1128

Description

It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.

Affected products

osv-coords71 versions
pkg:rpm/opensuse/ceph&distro=openSUSE%20Leap%2015.0 pkg:rpm/opensuse/ceph-test&distro=openSUSE%20Leap%2015.0 pkg:rpm/suse/ceph&distro=SUSE%20Enterprise%20Storage%204 pkg:rpm/suse/ceph&distro=SUSE%20Enterprise%20Storage%205 pkg:rpm/suse/ceph&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3 pkg:rpm/suse/ceph&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015 pkg:rpm/suse/ceph&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3 pkg:rpm/suse/ceph&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 pkg:rpm/suse/ceph&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3 pkg:rpm/suse/ceph-test&distro=SUSE%20Enterprise%20Storage%204 pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015 pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3 pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 pkg:rpm/suse/kernel-default&distro=SUSE%20Enterprise%20Storage%204 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012%20SP2 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012%20SP3 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP3 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015 pkg:rpm/suse/kernel-default&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/kernel-docs-azure&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3 pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015 pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3 pkg:rpm/suse/kernel-livepatch-SLE15_Update_5&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015 pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015 pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3 pkg:rpm/suse/kernel-rt_debug&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2012%20SP3 pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2012%20SP3 pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015 pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3 pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 pkg:rpm/suse/kernel-source&distro=SUSE%20Enterprise%20Storage%204 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 pkg:rpm/suse/kernel-source&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2012%20SP3 pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015 pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3 pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 pkg:rpm/suse/kernel-syms&distro=SUSE%20Enterprise%20Storage%204 pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3 pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015 pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3 pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2 pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 pkg:rpm/suse/kernel-syms&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/kernel-syms-rt&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2012%20SP3 pkg:rpm/suse/kernel-vanilla&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015 pkg:rpm/suse/kernel-zfcpdump&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015 pkg:rpm/suse/kgraft-patch-SLE12-SP2_Update_29&distro=SUSE%20Enterprise%20Storage%204 pkg:rpm/suse/kgraft-patch-SLE12-SP2_Update_29&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS pkg:rpm/suse/kgraft-patch-SLE12-SP2_Update_29&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2 pkg:rpm/suse/kgraft-patch-SLE12-SP2_Update_29&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/kgraft-patch-SLE12-SP3_Update_17&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP3
< 13.2.4.125+gad802694f5-lp150.2.3.1+ 70 more
- (no CPE)range: < 13.2.4.125+gad802694f5-lp150.2.3.1
- (no CPE)range: < 13.2.4.125+gad802694f5-lp150.2.3.1
- (no CPE)range: < 10.2.11+git.1531487710.3a12911a2e-12.14.2
- (no CPE)range: < 12.2.5+git.1530082629.8cbf63d997-2.16.1
- (no CPE)range: < 12.2.7+git.1531910353.c0ef85b854-2.12.1
- (no CPE)range: < 13.2.4.125+gad802694f5-3.7.2
- (no CPE)range: < 12.2.7+git.1531910353.c0ef85b854-2.12.1
- (no CPE)range: < 12.2.7+git.1531910353.c0ef85b854-2.12.1
- (no CPE)range: < 12.2.7+git.1531910353.c0ef85b854-2.12.1
- (no CPE)range: < 10.2.11+git.1531487710.3a12911a2e-12.14.2
- (no CPE)range: < 4.12.14-5.16.1
- (no CPE)range: < 4.4.155-4.16.1
- (no CPE)range: < 4.4.155-4.16.1
- (no CPE)range: < 4.4.121-92.109.2
- (no CPE)range: < 4.4.155-94.50.1
- (no CPE)range: < 4.4.121-92.109.2
- (no CPE)range: < 4.4.155-94.50.1
- (no CPE)range: < 4.12.14-25.19.1
- (no CPE)range: < 4.12.14-25.19.1
- (no CPE)range: < 4.12.14-25.19.1
- (no CPE)range: < 4.12.14-25.19.1
- (no CPE)range: < 4.4.121-92.109.2
- (no CPE)range: < 4.4.121-92.109.2
- (no CPE)range: < 4.4.155-94.50.1
- (no CPE)range: < 4.4.121-92.109.2
- (no CPE)range: < 4.4.155-94.50.1
- (no CPE)range: < 4.4.155-94.50.1
- (no CPE)range: < 4.12.14-25.19.1
- (no CPE)range: < 4.4.121-92.109.2
- (no CPE)range: < 4.4.155-4.16.1
- (no CPE)range: < 4.12.14-25.19.1
- (no CPE)range: < 4.4.155-94.50.1
- (no CPE)range: < 1-1.3.1
- (no CPE)range: < 4.12.14-25.19.1
- (no CPE)range: < 4.4.155-94.50.1
- (no CPE)range: < 4.4.155-3.23.1
- (no CPE)range: < 4.4.155-3.23.1
- (no CPE)range: < 4.12.14-5.16.1
- (no CPE)range: < 4.4.155-4.16.1
- (no CPE)range: < 4.4.155-4.16.1
- (no CPE)range: < 4.4.121-92.109.2
- (no CPE)range: < 4.4.155-94.50.1
- (no CPE)range: < 4.12.14-25.19.1
- (no CPE)range: < 4.12.14-25.19.1
- (no CPE)range: < 4.4.121-92.109.2
- (no CPE)range: < 4.4.121-92.109.2
- (no CPE)range: < 4.4.155-94.50.1
- (no CPE)range: < 4.4.121-92.109.2
- (no CPE)range: < 4.4.155-94.50.1
- (no CPE)range: < 4.4.121-92.109.2
- (no CPE)range: < 4.4.155-3.23.1
- (no CPE)range: < 4.12.14-5.16.1
- (no CPE)range: < 4.4.155-4.16.1
- (no CPE)range: < 4.4.155-4.16.1
- (no CPE)range: < 4.4.121-92.109.2
- (no CPE)range: < 4.4.155-94.50.1
- (no CPE)range: < 4.12.14-25.19.1
- (no CPE)range: < 4.4.121-92.109.2
- (no CPE)range: < 4.4.121-92.109.2
- (no CPE)range: < 4.4.155-94.50.1
- (no CPE)range: < 4.4.121-92.109.2
- (no CPE)range: < 4.4.155-94.50.1
- (no CPE)range: < 4.4.121-92.109.2
- (no CPE)range: < 4.4.155-3.23.1
- (no CPE)range: < 4.12.14-25.19.1
- (no CPE)range: < 4.12.14-25.19.1
- (no CPE)range: < 1-3.5.2
- (no CPE)range: < 1-3.5.2
- (no CPE)range: < 1-3.5.2
- (no CPE)range: < 1-3.5.2
- (no CPE)range: < 1-4.3.1
Red Hat, Inc./cephv5
Range: All versions in branches master, mimic, luminous and jewel

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.htmlmitrevendor-advisoryx_refsource_SUSE
access.redhat.com/errata/RHSA-2018:2177mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/errata/RHSA-2018:2179mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/errata/RHSA-2018:2261mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/errata/RHSA-2018:2274mitrevendor-advisoryx_refsource_REDHAT
www.debian.org/security/2018/dsa-4339mitrevendor-advisoryx_refsource_DEBIAN
tracker.ceph.com/issues/24836mitrex_refsource_CONFIRM
www.openwall.com/lists/oss-security/2020/11/17/3mitremailing-listx_refsource_MLIST
www.openwall.com/lists/oss-security/2020/11/17/4mitremailing-listx_refsource_MLIST
bugzilla.redhat.com/show_bug.cgimitrex_refsource_CONFIRM
github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468mitrex_refsource_CONFIRM
lists.debian.org/debian-lts-announce/2019/03/msg00017.htmlmitremailing-listx_refsource_MLIST

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000