Service ticket issued using cephx to authenticate with a ceph service like Mon, OSD are vulnerable to replay attack. Ticket is sent with a nonce from client to service, service responds back to client with a mutation of nonce. This lets client verify that the service is what it says it is. Though this does not protect against a replay. If attacker is able to capture/sniff the exchange, attacker can replay the capture to authenticate with ceph service and perform actions only provided by the ceph service. There are no known exploits against this, attacker has to be on the same network as of ceph cluster to be able to capture exchange.
upstream fix: http://tracker.ceph.com/issues/24836 https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468
Created ceph tracking bugs for this issue: Affects: fedora-all [bug 1599406]
This issue has been addressed in the following products: Red Hat Ceph Storage 3.0 for Ubuntu 16.04 Via RHSA-2018:2177 https://access.redhat.com/errata/RHSA-2018:2177
This issue has been addressed in the following products: Red Hat Ceph Storage 3 for Red Hat Enterprise Linux 7 Via RHSA-2018:2179 https://access.redhat.com/errata/RHSA-2018:2179
This issue has been addressed in the following products: Red Hat Ceph Storage 2.5 for Ubuntu 16.04. Via RHSA-2018:2274 https://access.redhat.com/errata/RHSA-2018:2274
This issue has been addressed in the following products: Red Hat Ceph Storage 2 for Red Hat Enterprise Linux 7 Via RHSA-2018:2261 https://access.redhat.com/errata/RHSA-2018:2261
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2018-1128
Statement: Red Hat OpenStack Platform ships the flawed package, however RHOSP deployments use the ceph package directly from the Ceph channel. A RHOSP ceph update will therefore not be provided at this time, but please ensure that the underlying Red Hat Ceph Storage is updated.
Fixed upstream in versions: 10.2.11, 12.2.6, and 13.2.1 https://docs.ceph.com/en/latest/releases/jewel/#v10-2-11-jewel https://docs.ceph.com/en/latest/releases/luminous/#v12-2-6-luminous https://docs.ceph.com/en/latest/releases/mimic/#v13-2-1-mimic