CVE-2018-1129
- Source
- https://cve.org/CVERecord?id=CVE-2018-1129
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1129.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2018-1129
- Downstream
- Related
- Published
- 2018-07-10T14:29:00.417Z
- Modified
- 2026-03-15T23:01:26.831603Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- [none]
- Details
-
A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.
- References
-
- http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html
- https://access.redhat.com/errata/RHSA-2018:2274
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html
- https://access.redhat.com/errata/RHSA-2018:2177
- https://access.redhat.com/errata/RHSA-2018:2261
- https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html
- https://www.debian.org/security/2018/dsa-4339
- https://access.redhat.com/errata/RHSA-2018:2179
- http://tracker.ceph.com/issues/24837
- https://bugzilla.redhat.com/show_bug.cgi?id=1576057
- https://github.com/ceph/ceph/commit/8f396cf35a3826044b089141667a196454c0a587
Affected packages
Git / github.com/ceph/ceph
Affected ranges
- Type
- GIT
- Repo
- https://github.com/ceph/ceph
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedFixed
- Database specific
{ "versions": [ { "introduced": "0" }, { "last_affected": "2" }, { "introduced": "0" }, { "last_affected": "2" }, { "introduced": "0" }, { "last_affected": "10.2.0" }, { "introduced": "0" }, { "last_affected": "10.2.1" }, { "introduced": "0" }, { "last_affected": "10.2.2" }, { "introduced": "0" }, { "last_affected": "10.2.3" }, { "introduced": "0" }, { "last_affected": "10.2.4" }, { "introduced": "0" }, { "last_affected": "10.2.5" }, { "introduced": "0" }, { "last_affected": "10.2.6" }, { "introduced": "0" }, { "last_affected": "10.2.7" }, { "introduced": "0" }, { "last_affected": "10.2.8" }, { "introduced": "0" }, { "last_affected": "10.2.9" }, { "introduced": "0" }, { "last_affected": "10.2.10" }, { "introduced": "0" }, { "last_affected": "10.2.11" }, { "introduced": "0" }, { "last_affected": "12.2.0" }, { "introduced": "0" }, { "last_affected": "12.2.1" }, { "introduced": "0" }, { "last_affected": "12.2.2" }, { "introduced": "0" }, { "last_affected": "12.2.3" }, { "introduced": "0" }, { "last_affected": "12.2.4" }, { "introduced": "0" }, { "last_affected": "12.2.5" }, { "introduced": "0" }, { "last_affected": "12.2.6" }, { "introduced": "0" }, { "last_affected": "12.2.7" }, { "introduced": "0" }, { "last_affected": "13.2.0" }, { "introduced": "0" }, { "last_affected": "13.2.1" }, { "introduced": "0" }, { "last_affected": "9.0" }, { "introduced": "0" }, { "last_affected": "15.0" } ] }
Affected versions
mark-v0.*
mark-v0.70-wip
v0.*
v0.1
v0.10
v0.11
v0.12
v0.13
v0.14
v0.15
v0.16
v0.16.1
v0.17
v0.18
v0.19
v0.2
v0.20
v0.21
v0.21.1
v0.21.2
v0.21.3
v0.22
v0.22.1
v0.22.2
v0.23
v0.23.1
v0.23.2
v0.24
v0.24.1
v0.24.2
v0.24.3
v0.25
v0.25.1
v0.25.2
v0.26
v0.27
v0.27.1
v0.28
v0.28.1
v0.28.2
v0.29
v0.29.1
v0.3
v0.30
v0.31
v0.32
v0.33
v0.34
v0.35
v0.36
v0.37
v0.38
v0.39
v0.4
v0.40
v0.41
v0.42
v0.42.1
v0.42.2
v0.43
v0.44
v0.44.1
v0.44.2
v0.45
v0.46
v0.47
v0.47.1
v0.47.2
v0.47.3
v0.48argonaut
v0.49
v0.5
v0.50
v0.51
v0.52
v0.53
v0.54
v0.55
v0.55.1
v0.56
v0.57
v0.58
v0.59
v0.6
v0.60
v0.61
v0.62
v0.63
v0.64
v0.65
v0.66
v0.67
v0.67-rc1
v0.67-rc2
v0.67-rc3
v0.68
v0.69
v0.7
v0.7.1
v0.7.2
v0.7.3
v0.70
v0.71
v0.72
v0.72-rc1
v0.73
v0.74
v0.75
v0.76
v0.77
v0.78
v0.79
v0.8
v0.80
v0.80-rc1
v0.81
v0.82
v0.83
v0.84
v0.85
v0.86
v0.87
v0.88
v0.89
v0.9
v0.90
v0.91
v0.92
v0.93
v0.94
v10.*
v10.0.0
v10.0.1
v10.0.2
v10.0.3
v10.0.4
v10.0.5
v10.1.0
v10.1.1
v10.1.2
v10.2.0
v11.*
v11.0.0
v11.0.1
v11.0.2
v11.1.0
v12.*
v12.0.0
v12.0.1
v12.0.2
v12.0.3
v12.1.0
v12.1.1
v12.1.2
v13.*
v13.0.0
v13.0.1
v13.0.2
v13.1.0
v9.*
v9.0.0
v9.0.1
v9.0.2
v9.0.3
v9.1.0
v9.2.0
Database specific
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.0"
}
]
}
]
vanir_signatures
[
{
"signature_type": "Line",
"signature_version": "v1",
"target": {
"file": "src/auth/cephx/CephxSessionHandler.cc"
},
"id": "CVE-2018-1129-692b6d65",
"deprecated": false,
"source": "https://github.com/ceph/ceph/commit/8f396cf35a3826044b089141667a196454c0a587",
"digest": {
"line_hashes": [
"101714054873615671449533678637528044464",
"204730747377763657306045922406037871061",
"184802433459791542385591813469305405696",
"194278290954202200063202169266421026999",
"285463715664107292597185474115337948286",
"224938655615217954667083534808567329747",
"323238405061339438124703828007163250784",
"14757801484515209770633037163635416171",
"299161139125190904871246778424746238226",
"303706062647846700364494057358149497993",
"138165059623664855551085062335377841829",
"68267178292800905880981098471657786013",
"259515854766984647381144657126725459037",
"55799125619598551732393041818857719598",
"173058415040374091877904087060601833097",
"270970690406432738190333471416352672776",
"324432494467839850124208327321842254472",
"81730675890199934822491768895838590587",
"220696923193420841983351434307727546251",
"229605938422456436814419580630024746619",
"168521888538563092444045135638220475818",
"114408788652185594976620226019750969539",
"72228878591817537367041508760725390316",
"274988142511309477226691216762725432855",
"100363914576226021838070188872572478717",
"166929772427402107687685460495313949298",
"180625950686284105336856111568935054618",
"106038062038205489926169328513547198569",
"34436572616374088243955802758804131473",
"171581963407818784950342056701526804311",
"247967641418735543141665557550669436266",
"165244961831484882699473163193719059976"
],
"threshold": 0.9
}
},
{
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "src/auth/cephx/CephxSessionHandler.cc",
"function": "CephxSessionHandler::_calc_signature"
},
"id": "CVE-2018-1129-be39d2f8",
"deprecated": false,
"source": "https://github.com/ceph/ceph/commit/8f396cf35a3826044b089141667a196454c0a587",
"digest": {
"function_hash": "31450864465716846747214712719381154708",
"length": 1302.0
}
}
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1129.json"