CVE-2018-1129

Priority
Description
A flaw was found in the way signature calculation was handled by cephx
authentication protocol. An attacker having access to ceph cluster network
who is able to alter the message payload was able to bypass signature
checks done by cephx protocol. Ceph branches master, mimic, luminous and
jewel are believed to be vulnerable.
Package
Source: ceph (LP Ubuntu Debian)
Upstream:released (10.2.11,12.2.6)
Ubuntu 12.04 ESM (Precise Pangolin):needs-triage
Ubuntu 14.04 ESM (Trusty Tahr):needs-triage
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (10.2.11-0ubuntu0.16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (12.2.7-0ubuntu0.18.04.1)
Ubuntu 19.04 (Disco Dingo):not-affected (13.2.4+dfsg1-0ubuntu1)
Ubuntu 19.10 (Eoan):not-affected (13.2.4+dfsg1-0ubuntu1)
Patches:
Upstream:https://github.com/ceph/ceph/commit/8f396cf35a3826044b089141667a196454c0a587
Upstream:https://github.com/ceph/ceph/commit/436b08688a5be238280a6e93de8658c10d72044c (mimic)
Upstream:https://github.com/ceph/ceph/commit/546d15b25eb2af8b27ec509344c1a45387f77a57 (jewel)
More Information

Updated: 2019-09-19 14:43:05 UTC (commit d32ebc32606b9517c6fa7d65a15441e2a57a6de5)