Launchpad.net

CVE 2018-1129

A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.

Related bugs and status

CVE-2018-1129 (Candidate) is related to these bugs:

Bug #1769252: [SRU] ceph 12.2.7

		In	Importance	Status
1769252	[SRU] ceph 12.2.7	ceph (Ubuntu)	Undecided	Invalid
1769252	[SRU] ceph 12.2.7	ceph (Ubuntu Bionic)	Medium	Fix Released
1769252	[SRU] ceph 12.2.7	Ubuntu Cloud Archive	Undecided	Invalid
1769252	[SRU] ceph 12.2.7	Ubuntu Cloud Archive queens	Medium	Fix Released
1769252	[SRU] ceph 12.2.7	Ubuntu Cloud Archive pike	Medium	Won't Fix

Bug #1784401: [SRU] ceph 10.2.11

		In	Importance	Status
1784401	[SRU] ceph 10.2.11	Ubuntu Cloud Archive	Undecided	Invalid
1784401	[SRU] ceph 10.2.11	ceph (Ubuntu)	Undecided	Invalid
1784401	[SRU] ceph 10.2.11	ceph (Ubuntu Xenial)	Medium	Fix Released
1784401	[SRU] ceph 10.2.11	Ubuntu Cloud Archive mitaka	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2018-1129

Related bugs and status

Related bugs

References