Launchpad.net

CVE 2018-1128

It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.

Related bugs and status

CVE-2018-1128 (Candidate) is related to these bugs:

Bug #1769252: [SRU] ceph 12.2.7

		In	Importance	Status
1769252	[SRU] ceph 12.2.7	ceph (Ubuntu)	Undecided	Invalid
1769252	[SRU] ceph 12.2.7	ceph (Ubuntu Bionic)	Medium	Fix Released
1769252	[SRU] ceph 12.2.7	Ubuntu Cloud Archive	Undecided	Invalid
1769252	[SRU] ceph 12.2.7	Ubuntu Cloud Archive queens	Medium	Fix Released
1769252	[SRU] ceph 12.2.7	Ubuntu Cloud Archive pike	Medium	Won't Fix

Bug #1784401: [SRU] ceph 10.2.11

		In	Importance	Status
1784401	[SRU] ceph 10.2.11	Ubuntu Cloud Archive	Undecided	Invalid
1784401	[SRU] ceph 10.2.11	ceph (Ubuntu)	Undecided	Invalid
1784401	[SRU] ceph 10.2.11	ceph (Ubuntu Xenial)	Medium	Fix Released
1784401	[SRU] ceph 10.2.11	Ubuntu Cloud Archive mitaka	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2018-1128

Related bugs and status

Related bugs

References