CVSS: 6.5EPSS: 0%CPEs: 35EXPL: 0CVE-2018-1129 – ceph: cephx uses weak signatures
https://notcve.org/view.php?id=CVE-2018-1129
A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable. Se ha encontrado un error en la forma en la que el cálculo de firmas es gestionado por el protocolo de autenticación cephx. Un atacante que tenga acceso a la red de clústers ceph y que pueda alterar la carga útil de los mensajes podría omitir las comprobaciones de firma realizadas por el protocolo cephx. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html http://tracker.ceph.com/issues/24837 https://access.redhat.com/errata/RHSA-2018:2177 https://access.redhat.com/errata/RHSA-2018:2179 https://access.redhat.com/errata/RHSA-2018:2261 https://access.redhat.com/errata/RHSA-2018:2274 https://bugzilla.redhat.com/show_bug.cgi?id=1576057 https://github.com/ceph/ceph/com • CWE-284: Improper Access Control CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 0CVE-2018-1128 – ceph: cephx protocol is vulnerable to replay attack
https://notcve.org/view.php?id=CVE-2018-1128
It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable. Se ha descubierto que el protocolo de autenticación cephx no verificaba correctamente los clientes ceph y era vulnerable a ataques de reproducción. Cualquier atacante que tenga acceso a la red de clústers de ceph y que pueda rastrear paquetes en la red puede emplear esta vulnerabilidad para autenticarse con el servicio ceph y realizar acciones permitidas por el servicio ceph. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html http://tracker.ceph.com/issues/24836 http://www.openwall.com/lists/oss-security/2020/11/17/3 http://www.openwall.com/lists/oss-security/2020/11/17/4 https://access.redhat.com/errata/RHSA-2018:2177 https://access.redhat.com/errata/RHSA-2018:2179 https://access.redhat.com/errata/RHSA-2018:2261 https://access.redhat.com/errata/RHSA-2018:2274 https://bugzilla.redhat.com/show_bug.cgi?id=1575866& • CWE-287: Improper Authentication CWE-294: Authentication Bypass by Capture-replay •