2023-04-24 12:24:31 +02:00
{
"id" : "CVE-2018-1129" ,
"sourceIdentifier" : "secalert@redhat.com" ,
"published" : "2018-07-10T14:29:00.417" ,
2024-11-23 09:11:19 +00:00
"lastModified" : "2024-11-21T03:59:15.087" ,
2023-04-24 12:24:31 +02:00
"vulnStatus" : "Modified" ,
2024-12-08 03:06:42 +00:00
"cveTags" : [ ] ,
2023-04-24 12:24:31 +02:00
"descriptions" : [
{
"lang" : "en" ,
"value" : "A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable."
} ,
{
"lang" : "es" ,
"value" : "Se ha encontrado un error en la forma en la que el c\u00e1lculo de firmas es gestionado por el protocolo de autenticaci\u00f3n cephx. Un atacante que tenga acceso a la red de cl\u00fasters ceph y que pueda alterar la carga \u00fatil de los mensajes podr\u00eda omitir las comprobaciones de firma realizadas por el protocolo cephx. Se cree que las ramas de ceph master, mimic, luminous y jewel son vulnerables."
}
] ,
"metrics" : {
"cvssMetricV30" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "3.0" ,
"vectorString" : "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" ,
2024-11-23 09:11:19 +00:00
"baseScore" : 6.5 ,
"baseSeverity" : "MEDIUM" ,
2023-04-24 12:24:31 +02:00
"attackVector" : "ADJACENT_NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "NONE" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "NONE" ,
"integrityImpact" : "HIGH" ,
2024-11-23 09:11:19 +00:00
"availabilityImpact" : "NONE"
2023-04-24 12:24:31 +02:00
} ,
"exploitabilityScore" : 2.8 ,
"impactScore" : 3.6
}
] ,
"cvssMetricV2" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "2.0" ,
"vectorString" : "AV:A/AC:L/Au:N/C:N/I:P/A:N" ,
2024-11-23 09:11:19 +00:00
"baseScore" : 3.3 ,
2023-04-24 12:24:31 +02:00
"accessVector" : "ADJACENT_NETWORK" ,
"accessComplexity" : "LOW" ,
"authentication" : "NONE" ,
"confidentialityImpact" : "NONE" ,
"integrityImpact" : "PARTIAL" ,
2024-11-23 09:11:19 +00:00
"availabilityImpact" : "NONE"
2023-04-24 12:24:31 +02:00
} ,
"baseSeverity" : "LOW" ,
"exploitabilityScore" : 6.5 ,
"impactScore" : 2.9 ,
"acInsufInfo" : false ,
"obtainAllPrivilege" : false ,
"obtainUserPrivilege" : false ,
"obtainOtherPrivilege" : false ,
"userInteractionRequired" : false
}
]
} ,
"weaknesses" : [
{
2024-11-23 09:11:19 +00:00
"source" : "secalert@redhat.com" ,
"type" : "Secondary" ,
2023-04-24 12:24:31 +02:00
"description" : [
{
"lang" : "en" ,
2024-11-23 09:11:19 +00:00
"value" : "CWE-284"
2023-04-24 12:24:31 +02:00
}
]
} ,
{
2024-11-23 09:11:19 +00:00
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
2023-04-24 12:24:31 +02:00
"description" : [
{
"lang" : "en" ,
2024-11-23 09:11:19 +00:00
"value" : "CWE-287"
2023-04-24 12:24:31 +02:00
}
]
}
] ,
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:redhat:ceph_storage:1.3:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "26E67C3A-4458-4DC9-B40E-C0B285C87211"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:redhat:ceph_storage:3:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "E9184616-421F-4EA9-AC1A-A4C95BBAAC99"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:redhat:ceph_storage_mon:2:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "8C2EBAD9-F0D5-4176-9C4D-001B230E699E"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:redhat:ceph_storage_mon:3:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "CD2F9BA8-FE0A-43DE-A756-C35A24C3D96E"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:redhat:ceph_storage_osd:2:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "AA5F5227-DBDA-4C01-BF7C-4D53F455404F"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:redhat:ceph_storage_osd:3:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "A80BACB5-7A56-4BC6-9261-58A3860F4E8C"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "142AD0DD-4CF3-4D74-9442-459CE3347E3A"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "33C068A4-3780-4EAB-A937-6082DF847564"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "51EF4996-72F4-4FA4-814F-F5991E7A8318"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "825ECE2D-E232-46E0-A047-074B34DB1E97"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ceph:ceph:10.2.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "8901022A-8A84-494A-A5BF-358F2CBBDFFF"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ceph:ceph:10.2.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "76788B0A-7776-4D0C-B0D7-C855E9A0231E"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ceph:ceph:10.2.2:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "7A925DB4-83DC-45D1-A48B-1675A111213B"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ceph:ceph:10.2.3:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "D22BA440-CB28-445C-A7F8-CBD6E8965B2E"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ceph:ceph:10.2.4:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "A503C653-AFEB-4E5A-872B-AD033C0E2259"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ceph:ceph:10.2.5:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "7C00462A-A1B8-42A7-9336-DE1BF5510B6B"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ceph:ceph:10.2.6:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "3505D4E2-4EA8-40A4-A57C-46CCA9922EF3"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ceph:ceph:10.2.7:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "09EC481B-79F0-41DB-B95F-D1A221C96F4B"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ceph:ceph:10.2.8:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "31F159B5-AF02-48BE-B994-749F21B9D362"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ceph:ceph:10.2.9:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "D9684039-7938-405D-B833-4C54BFBD6476"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ceph:ceph:10.2.10:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "8FAE4350-8F39-4E78-AB25-17DE76FD57AF"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ceph:ceph:10.2.11:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "3B2369D2-4413-447C-A0A8-84CA37B1F5B8"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ceph:ceph:12.2.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "3515BF53-4921-462F-820E-B842BB3FF066"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ceph:ceph:12.2.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "48067E54-26F5-4020-BCEA-A65C2536618B"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ceph:ceph:12.2.2:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "F9A86B91-78C3-4D02-B7C8-11AAFB1CCCEC"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ceph:ceph:12.2.3:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "CDBD084F-4A0B-4231-8465-61F8BE5E57F6"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ceph:ceph:12.2.4:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "0885F67A-E01B-4BF2-A760-D452B55C5F69"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ceph:ceph:12.2.5:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "DB9D95E9-52F3-459C-89AD-6FCA6A975085"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ceph:ceph:12.2.6:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "087C6821-9A77-4CC8-8AA0-2C51414D9B58"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ceph:ceph:12.2.7:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "A667C6AF-76D4-4192-A8BF-395F368EFAE4"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ceph:ceph:13.2.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "13BF6806-6E69-4172-9260-2E97FB253339"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ceph:ceph:13.2.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "DCAE0EE4-BBE9-4DBD-84CC-9A72E97E73E6"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "DEECE5FC-CACF-4496-A3E7-164736409252"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "F1E78106-58E6-4D59-990F-75DA575BFAD9"
}
]
}
]
}
] ,
"references" : [
{
"url" : "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html" ,
"source" : "secalert@redhat.com" ,
"tags" : [
"Third Party Advisory"
]
} ,
{
"url" : "http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "http://tracker.ceph.com/issues/24837" ,
"source" : "secalert@redhat.com" ,
"tags" : [
"Issue Tracking" ,
"Vendor Advisory"
]
} ,
{
"url" : "https://access.redhat.com/errata/RHSA-2018:2177" ,
"source" : "secalert@redhat.com" ,
"tags" : [
"Third Party Advisory"
]
} ,
{
"url" : "https://access.redhat.com/errata/RHSA-2018:2179" ,
"source" : "secalert@redhat.com" ,
"tags" : [
"Third Party Advisory"
]
} ,
{
"url" : "https://access.redhat.com/errata/RHSA-2018:2261" ,
"source" : "secalert@redhat.com" ,
"tags" : [
"Third Party Advisory"
]
} ,
{
"url" : "https://access.redhat.com/errata/RHSA-2018:2274" ,
"source" : "secalert@redhat.com" ,
"tags" : [
"Third Party Advisory"
]
} ,
{
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1576057" ,
"source" : "secalert@redhat.com" ,
"tags" : [
"Issue Tracking" ,
"Patch" ,
"Third Party Advisory"
]
} ,
{
"url" : "https://github.com/ceph/ceph/commit/8f396cf35a3826044b089141667a196454c0a587" ,
"source" : "secalert@redhat.com" ,
"tags" : [
"Patch" ,
"Third Party Advisory"
]
} ,
{
"url" : "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html" ,
"source" : "secalert@redhat.com" ,
"tags" : [
"Mailing List" ,
"Third Party Advisory"
]
} ,
{
"url" : "https://www.debian.org/security/2018/dsa-4339" ,
"source" : "secalert@redhat.com" ,
"tags" : [
"Third Party Advisory"
]
2024-11-23 09:11:19 +00:00
} ,
{
"url" : "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Third Party Advisory"
]
} ,
{
"url" : "http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
} ,
{
"url" : "http://tracker.ceph.com/issues/24837" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Issue Tracking" ,
"Vendor Advisory"
]
} ,
{
"url" : "https://access.redhat.com/errata/RHSA-2018:2177" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Third Party Advisory"
]
} ,
{
"url" : "https://access.redhat.com/errata/RHSA-2018:2179" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Third Party Advisory"
]
} ,
{
"url" : "https://access.redhat.com/errata/RHSA-2018:2261" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Third Party Advisory"
]
} ,
{
"url" : "https://access.redhat.com/errata/RHSA-2018:2274" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Third Party Advisory"
]
} ,
{
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1576057" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Issue Tracking" ,
"Patch" ,
"Third Party Advisory"
]
} ,
{
"url" : "https://github.com/ceph/ceph/commit/8f396cf35a3826044b089141667a196454c0a587" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Patch" ,
"Third Party Advisory"
]
} ,
{
"url" : "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Mailing List" ,
"Third Party Advisory"
]
} ,
{
"url" : "https://www.debian.org/security/2018/dsa-4339" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Third Party Advisory"
]
2023-04-24 12:24:31 +02:00
}
]
}
