6.5

CVE-2018-1129

A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RedhatCeph Storage Version1.3
RedhatCeph Storage Version3
RedhatCeph Storage Mon Version2
RedhatCeph Storage Mon Version3
RedhatCeph Storage Osd Version2
RedhatCeph Storage Osd Version3
RedhatEnterprise Linux Version7.0
CephCeph Version10.2.0
CephCeph Version10.2.1
CephCeph Version10.2.2
CephCeph Version10.2.3
CephCeph Version10.2.4
CephCeph Version10.2.5
CephCeph Version10.2.6
CephCeph Version10.2.7
CephCeph Version10.2.8
CephCeph Version10.2.9
CephCeph Version10.2.10
CephCeph Version10.2.11
CephCeph Version12.2.0
CephCeph Version12.2.1
CephCeph Version12.2.2
CephCeph Version12.2.3
CephCeph Version12.2.4
CephCeph Version12.2.5
CephCeph Version12.2.6
CephCeph Version12.2.7
CephCeph Version13.2.0
CephCeph Version13.2.1
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
OpensuseLeap Version15.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.9% 0.77
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov 3.3 6.5 2.9
AV:A/AC:L/Au:N/C:N/I:P/A:N
CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2177
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2179
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2261
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2274
Third Party Advisory
https://www.debian.org/security/2018/dsa-4339
Third Party Advisory
http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html
http://tracker.ceph.com/issues/24837
Vendor Advisory
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=1576057
Patch
Third Party Advisory
Issue Tracking
https://github.com/ceph/ceph/commit/8f396cf35a3826044b089141667a196454c0a587
Patch
Third Party Advisory