Vulnerability Details : CVE-2018-1129
A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.
Vulnerability category: BypassGain privilege
Products affected by CVE-2018-1129
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:ceph_storage_osd:2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:ceph_storage_osd:3:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:ceph_storage_mon:2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:ceph_storage_mon:3:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:ceph_storage:1.3:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:ceph_storage:3:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
- cpe:2.3:a:ceph:ceph:10.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:ceph:ceph:10.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:ceph:ceph:10.2.11:*:*:*:*:*:*:*
- cpe:2.3:a:ceph:ceph:12.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:ceph:ceph:12.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:ceph:ceph:13.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:ceph:ceph:10.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:ceph:ceph:10.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:ceph:ceph:10.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:ceph:ceph:10.2.9:*:*:*:*:*:*:*
- cpe:2.3:a:ceph:ceph:10.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:ceph:ceph:10.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:ceph:ceph:12.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:ceph:ceph:12.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:ceph:ceph:12.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:ceph:ceph:12.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:ceph:ceph:10.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:ceph:ceph:10.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:ceph:ceph:10.2.10:*:*:*:*:*:*:*
- cpe:2.3:a:ceph:ceph:12.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:ceph:ceph:12.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:ceph:ceph:13.2.1:*:*:*:*:*:*:*
Threat overview for CVE-2018-1129
Top countries where our scanners detected CVE-2018-1129
Top open port discovered on systems with this issue
53
IPs affected by CVE-2018-1129 636,251
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2018-1129!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2018-1129
0.19%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 55 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-1129
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
3.3
|
LOW | AV:A/AC:L/Au:N/C:N/I:P/A:N |
6.5
|
2.9
|
NIST | |
6.5
|
MEDIUM | CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
2.8
|
3.6
|
NIST |
CWE ids for CVE-2018-1129
-
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.Assigned by: secalert@redhat.com (Secondary)
-
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-1129
-
https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html
[SECURITY] [DLA 1715-1] linux-4.9 security updateMailing List;Third Party Advisory
-
http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html
Kernel Live Patch Security Notice LSN-0054-1 ≈ Packet Storm
-
https://access.redhat.com/errata/RHSA-2018:2274
RHSA-2018:2274 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=1576057
1576057 – (CVE-2018-1129) CVE-2018-1129 ceph: cephx uses weak signaturesIssue Tracking;Patch;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html
[security-announce] openSUSE-SU-2019:1284-1: moderate: Security update fThird Party Advisory
-
https://github.com/ceph/ceph/commit/8f396cf35a3826044b089141667a196454c0a587
auth/cephx/CephxSessionHandler: implement CEPHX_V2 calculation mode · ceph/ceph@8f396cf · GitHubPatch;Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2018:2261
RHSA-2018:2261 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://www.debian.org/security/2018/dsa-4339
Debian -- Security Information -- DSA-4339-1 cephThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2018:2177
RHSA-2018:2177 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://tracker.ceph.com/issues/24837
Bug #24837: auth: cephx signature check is weak/broken - RADOS - CephIssue Tracking;Vendor Advisory
-
https://access.redhat.com/errata/RHSA-2018:2179
RHSA-2018:2179 - Security Advisory - Red Hat Customer PortalThird Party Advisory
Jump to