Bug #24837
auth: cephx signature check is weak/broken
Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
% Done:
0%
Source:
Tags:
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Component(RADOS):
Pull request ID:
Crash signature (v1):
Crash signature (v2):
Description
The signature check code was validating only the first (32-byte) of two blocks, and thus did not cover all of the crc fields (notably not data_crc).
Fixes are in place:
master: 8f396cf35a3826044b089141667a196454c0a587
mimic: 436b08688a5be238280a6e93de8658c10d72044c
luminous: a2b04cc337a6f6f7b7a8b02bf31a8f3448670645
jewel: 546d15b25eb2af8b27ec509344c1a45387f77a57
CVE-2018-1129
Reported-by: Radoslaw Zarzynski <rzarzyns@redhat.com>
History
#1 Updated by Sage Weil over 5 years ago
- Project changed from Ceph to RADOS
#2 Updated by Sage Weil over 5 years ago
- Description updated (diff)