Bug 1576057 (CVE-2018-1129)
Summary: | CVE-2018-1129 ceph: cephx uses weak signatures | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Siddharth Sharma <sisharma> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | Aron Gunn <agunn> |
Priority: | medium | ||
Version: | unspecified | CC: | agunn, branto, danmick, david, fedora, i, josef, kdreyer, kkeithle, ramkrsna, security-response-team, sisharma, steve, sweil, tserlin, uboppana, yehuda, yozone |
Target Milestone: | --- | Keywords: | Reopened, Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | ceph 10.2.11, ceph 12.2.6, ceph 13.2.1 | Doc Type: | If docs needed, set a value |
Doc Text: |
A flaw was found in the way signature calculation was handled by the cephx authentication protocol. An attacker with access to the Ceph cluster network who is able to alter the message payload was able to bypass the signature checks done by the cephx protocol.
|
Last Closed: | 2019-07-24 09:06:58 UTC | Type: | --- |
Bug Depends On: | 1576438, 1576439, 1576440, 1599405, 1599408, 1662077 | ||
Bug Blocks: | 1574281 |
Description
Siddharth Sharma
2018-05-08 16:56:30 UTC
upstream fix:
http://tracker.ceph.com/issues/24837
https://github.com/ceph/ceph/commit/8f396cf35a3826044b089141667a196454c0a587

Created ceph tracking bugs for this issue:

Affects: fedora-all [bug 1599408]

This issue has been addressed in the following products:

Red Hat Ceph Storage 3.0 for Ubuntu 16.04

Via RHSA-2018:2177 https://access.redhat.com/errata/RHSA-2018:2177

This issue has been addressed in the following products:

Red Hat Ceph Storage 3 for Red Hat Enterprise Linux 7

Via RHSA-2018:2179 https://access.redhat.com/errata/RHSA-2018:2179

This issue has been addressed in the following products:

Red Hat Ceph Storage 2 for Ubuntu 16.04

Via RHSA-2018:2274 https://access.redhat.com/errata/RHSA-2018:2274

This issue has been addressed in the following products:

Red Hat Ceph Storage 2 for Red Hat Enterprise Linux 7

Via RHSA-2018:2261 https://access.redhat.com/errata/RHSA-2018:2261

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2018-1129

Fixed upstream in versions: 10.2.11, 12.2.6, and 13.2.1

https://docs.ceph.com/en/latest/releases/jewel/#v10-2-11-jewel
https://docs.ceph.com/en/latest/releases/luminous/#v12-2-6-luminous
https://docs.ceph.com/en/latest/releases/mimic/#v13-2-1-mimic