CVE - CVE-2018-1129

CVE-ID
CVE-2018-1129	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
CONFIRM:http://tracker.ceph.com/issues/24837 CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1576057 CONFIRM:https://github.com/ceph/ceph/commit/8f396cf35a3826044b089141667a196454c0a587 REDHAT:RHSA-2018:2177 URL:https://access.redhat.com/errata/RHSA-2018:2177 REDHAT:RHSA-2018:2179 URL:https://access.redhat.com/errata/RHSA-2018:2179 REDHAT:RHSA-2018:2261 URL:https://access.redhat.com/errata/RHSA-2018:2261 REDHAT:RHSA-2018:2274 URL:https://access.redhat.com/errata/RHSA-2018:2274
Assigning CNA
Red Hat, Inc.
Date Entry Created
20171204	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20171204)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org