Published: 10/07/2018 Updated: 09/10/2019

CVSS v2 Base Score: 5.5 | Impact Score: 4.9 | Exploitability Score: 8

CVSS v3 Base Score: 8.1 | Impact Score: 5.2 | Exploitability Score: 2.8

VMScore: 490

Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P

A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read access to ceph can delete, create ceph storage pools and corrupt snapshot images. Ceph branches master, mimic, luminous and jewel are believed to be affected.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ceph ceph 12.2.7
ceph ceph 12.2.5
ceph ceph 12.2.0
ceph ceph 10.2.10
ceph ceph 10.2.3
ceph ceph 10.2.1
ceph ceph 12.2.4
ceph ceph 12.2.3
ceph ceph 12.2.2
ceph ceph 12.2.1
ceph ceph 13.2.1
ceph ceph 10.2.8
ceph ceph 10.2.7
ceph ceph 10.2.6
ceph ceph 10.2.5
ceph ceph 13.2.0
ceph ceph 12.2.6
ceph ceph 10.2.11
ceph ceph 10.2.9
ceph ceph 10.2.4
ceph ceph 10.2.2
ceph ceph 10.2.0
redhat ceph storage osd 3
redhat enterprise linux server 7.0
redhat ceph storage 3
redhat ceph storage mon 2
redhat ceph storage mon 3
redhat enterprise linux workstation 7.0
redhat ceph storage osd 2
redhat enterprise linux desktop 7.0
opensuse leap 15.0
debian debian linux 9.0

Debian Bug report logs - #913470 ceph: CVE-2018-10861 Package: src:ceph; Maintainer for src:ceph is Ceph Maintainers <ceph-maintainers@listscephcom>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 11 Nov 2018 13:18:06 UTC Severity: grave Tags: security, upstream Found in version ceph/1025-72 F ...

Multiple vulnerabilities were discovered in Ceph, a distributed storage and file system: The cephx authentication protocol was suspectible to replay attacks and calculated signatures incorrectly, ceph mon did not validate capabilities for pool operations (resulting in potential corruption or deletion of snapshot images) and a format string vulnerab ...

Synopsis Moderate: Red Hat Ceph Storage 25 security, enhancement, and bug fix update Type/Severity Security Advisory: Moderate Topic An update for ceph is now available for Red Hat Ceph Storage 25 for Ubuntu 1604Red Hat Product Security has rated this update as having a security impact of Moderate A Co ...

Synopsis Moderate: Red Hat Ceph Storage 25 security, enhancement, and bug fix update Type/Severity Security Advisory: Moderate Topic An update for ceph is now available for Red Hat Ceph Storage 25 for RedHat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impactof Mo ...

Synopsis Moderate: Red Hat Ceph Storage 30 security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for ceph is now available for Red Hat Ceph Storage 30 for RedHat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Com ...

Synopsis Moderate: Red Hat Ceph Storage 30 security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for ceph is now available for Red Hat Ceph Storage for Ubuntu 1604Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability ...

A flaw was found in the way ceph mon handles user requests Any authenticated ceph user having read access to ceph can delete and corrupt snapshot images ...

CWE-287 https://github.com/ceph/ceph/commit/975528f632f73fbffa3f1fee304e3bbe3296cffc https://bugzilla.redhat.com/show_bug.cgi?id=1593308 http://tracker.ceph.com/issues/24838 https://access.redhat.com/errata/RHSA-2018:2179 https://access.redhat.com/errata/RHSA-2018:2177 http://www.securityfocus.com/bid/104742 https://access.redhat.com/errata/RHSA-2018:2274 https://access.redhat.com/errata/RHSA-2018:2261 https://www.debian.org/security/2018/dsa-4339 http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913470 https://nvd.nist.gov https://www.debian.org/security/./dsa-4339 https://access.redhat.com/errata/RHSA-2018:2274

CVE-2018-10861

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect