CVE-2018-1129

Priority
Description
A flaw was found in the way signature calculation was handled by cephx
authentication protocol. An attacker having access to ceph cluster network
who is able to alter the message payload was able to bypass signature
checks done by cephx protocol. Ceph branches master, mimic, luminous and
jewel are believed to be vulnerable.
Notes
Package
Source: ceph (LP Ubuntu Debian)
Upstream:released (10.2.11,12.2.6)
Ubuntu 12.04 ESM (Precise Pangolin):needs-triage
Ubuntu 14.04 ESM (Trusty Tahr):needs-triage
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (10.2.11-0ubuntu0.16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (12.2.7-0ubuntu0.18.04.1)
Ubuntu 19.10 (Eoan Ermine):not-affected (13.2.4+dfsg1-0ubuntu1)
Ubuntu 20.04 (Focal Fossa):not-affected (13.2.4+dfsg1-0ubuntu1)
Patches:
Upstream:https://github.com/ceph/ceph/commit/8f396cf35a3826044b089141667a196454c0a587
Upstream:https://github.com/ceph/ceph/commit/436b08688a5be238280a6e93de8658c10d72044c (mimic)
Upstream:https://github.com/ceph/ceph/commit/546d15b25eb2af8b27ec509344c1a45387f77a57 (jewel)
More Information

Updated: 2020-04-24 03:46:29 UTC (commit d3f8a6ed481830fb100109a132bef581fc4176fe)