CVE-2018-1128

NameCVE-2018-1128
DescriptionIt was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-1715-1, DSA-4339-1
Debian Bugs913471

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
ceph (PTS)jessie, jessie (lts)0.80.7-2+deb8u5vulnerable
stretch (security), stretch (lts), stretch10.2.11-2+deb9u1fixed
buster12.2.11+dfsg1-2.1fixed
bullseye14.2.21-1fixed
sid, bookworm16.2.11+ds-2fixed
linux (PTS)jessie, jessie (lts)3.16.84-1vulnerable
stretch (security)4.9.320-2fixed
stretch (lts), stretch4.9.320-3fixed
buster4.19.249-2fixed
buster (security)4.19.269-1fixed
bullseye5.10.158-2fixed
bullseye (security)5.10.162-1fixed
bookworm6.1.15-1fixed
sid6.1.20-1fixed
linux-4.9 (PTS)jessie, jessie (lts)4.9.303-1~deb8u3fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
cephsourcestretch10.2.11-1DSA-4339-1
cephsource(unstable)12.2.8+dfsg1-1913471
linuxsourcewheezy(unfixed)end-of-life
linuxsourcestretch4.9.144-1
linuxsource(unstable)4.19.9-1
linux-4.9sourcejessie4.9.144-3.1~deb8u1DLA-1715-1

Notes

[jessie] - linux <ignored> (Protocol change is too difficult)
https://git.kernel.org/linus/6daca13d2e72bedaaacfc08f873114c9307d5aea
[jessie] - ceph <no-dsa> (Intrusive changes)
http://tracker.ceph.com/issues/24836
https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468
Search for package or bug name: Reporting problems