Ceph octopus lost CEPHX_V2 replay attack, and this was backported to nautilus in v14.2.5.This is very similar to a prior CVE, but we are requesting a new CVE because it only affects nautilus and later. This flaw is very similar to CVE-2018-1128: It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service.
https://github.com/ceph/ceph/pull/30524 https://github.com/ceph/ceph/pull/30523 These are the commits where the flaw was introduced.
Acknowledgments: Name: Ilya Dryomov (Red Hat)
Statement: Red Hat Ceph Storage 3 has already had a fix shipped for this particular flaw. RHCS 4.1 is shipped with CVE-2018-1128 vulnerability reintroduced, affecting msgr 2 protocol. Red Hat OpenShift Container Storage (RHOCS) 4 shipped ceph package for the usage of RHOCS 4.2 only, that has reached End Of Life. Hence, ceph package is no longer used and supported with the release of RHOCS 4.3.
Created ceph tracking bugs for this issue: Affects: fedora-all [bug 1898551]
Upstream fixes: Ceph 15.2.6: https://github.com/ceph/ceph/commit/6c14c2fb5650426285428dfe6ca1597e5ea1d07d https://github.com/ceph/ceph/commit/1316c82aae8c51b3fe10d8a8f0a87b60db54ee16 https://github.com/ceph/ceph/commit/bafdfec8f974f1a3f7d404bcfd0a4cfad784937d Ceph 14.2.14: https://github.com/ceph/ceph/commit/2927fd91d41e505237cc73f9700e5c6a63e5cb4f https://github.com/ceph/ceph/commit/4c11203122d729c832a645c9e3f5092db4963840 https://github.com/ceph/ceph/commit/bb5d3d58bfcae96d2e5f796eaa74fc0987f79e77
External References: https://ceph.io/community/v15-2-6-octopus-released/ https://ceph.io/releases/v14-2-14-nautilus-released/
This issue has been addressed in the following products: Red Hat Ceph Storage 4.1 Via RHSA-2020:5325 https://access.redhat.com/errata/RHSA-2020:5325
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-25660
FEDORA-2020-a8f1120195 has been pushed to the Fedora 33 stable repository. If problem still persists, please make note of it in this bug report.
This issue has been addressed in the following products: Red Hat Ceph Storage 4.2 Via RHSA-2021:0081 https://access.redhat.com/errata/RHSA-2021:0081