Bug #24836: auth: cephx authorizer subject to replay - RADOS - Ceph

Actions

Copy link

Bug #24836

closed

auth: cephx authorizer subject to replay

Added by Sage Weil almost 6 years ago. Updated 2 months ago.

Status:

Resolved

Priority:

Normal

Assignee:

Category:

Target version:

% Done:

Source:

Tags:

Backport:

Regression:

Severity:

3 - minor

Reviewed:

Affected Versions:

ceph-qa-suite:

Component(RADOS):

Pull request ID:

Crash signature (v1):

Crash signature (v2):

Description

The cephx authorizer does not have any challenge or nonce, and thus (if sniffed) can be reused by another session.

Fixes are in place:
master: f80b848d3f830eb6dba50123e04385173fa4540b
mimic: 4cbd72f11ecda4c28d1bf47328a4f8672295870a
luminous: 5ead97120e07054d80623dada90a5cc764c28468
jewel: 26816cd80ae245d351d5ce34d8af434fbc798602

CVE-2018-1128

History
Property changes

Actions

Copy link

Updated by Sage Weil almost 6 years ago

Project changed from Ceph to RADOS

Actions

Copy link

Updated by Ken Dreyer 2 months ago

Description updated (diff)

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Ceph » RADOS

Custom queries

Bug #24836

auth: cephx authorizer subject to replay

Updated by Sage Weil almost 6 years ago

Updated by Ken Dreyer 2 months ago