Candidate: CVE-2020-1759
PublicDate: 2020-04-13 13:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1759
 https://www.openwall.com/lists/oss-security/2020/04/07/2
Description:
 A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat OpenShift
 Container Storage 4.2 where a nonce reuse vulnerability was discovered in
 the secure mode of the messenger v2 protocol, which can allow an attacker
 to forge auth tags and potentially manipulate the data by leveraging the
 reuse of a nonce in a session. Messages encrypted using a reused nonce
 value are susceptible to serious confidentiality and integrity attacks.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1759
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=956139
Priority: medium
Discovered-by: Ilya Dryomov
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N [6.8 MEDIUM]

Patches_ceph:
 upstream: https://github.com/ceph/ceph/commit/20b7bb685c5ea74c651ca1ea547ac66b0fee7035
 upstream: https://github.com/ceph/ceph/commit/dfd1d81cec62e21e21696dc87d4db5f920e51a67
upstream_ceph: released (15.2.1)
precise/esm_ceph: not-affected (code not present)
trusty_ceph: ignored (out of standard support)
trusty/esm_ceph: not-affected (code not present)
xenial_ceph: not-affected (code not present)
esm-infra/xenial_ceph: not-affected (code not present)
bionic_ceph: not-affected (code not present)
eoan_ceph: ignored (reached end-of-life)
focal_ceph: not-affected (15.2.1-0ubuntu1)
devel_ceph: not-affected (15.2.1-0ubuntu2)