Vulnerability-Lookup

CVE-2018-1129 (GCVE-0-2018-1129)

Vulnerability from cvelistv5 – Published: 2018-07-10 14:00 – Updated: 2024-09-17 01:45

Summary

A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.

Severity ?

No CVSS data available.

CWE

CWE-284

Assigner

redhat

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2018:2261	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2177	vendor-advisoryx_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=1576057	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2018:2179	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2274	vendor-advisoryx_refsource_REDHAT
	http://tracker.ceph.com/issues/24837	x_refsource_CONFIRM
	https://github.com/ceph/ceph/commit/8f396cf35a382…	x_refsource_CONFIRM
	https://www.debian.org/security/2018/dsa-4339	vendor-advisoryx_refsource_DEBIAN
	https://lists.debian.org/debian-lts-announce/2019…	mailing-listx_refsource_MLIST
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://packetstormsecurity.com/files/154245/Kerne…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Red Hat, Inc.	ceph	Affected: all versions in branches master, mimic, luminous and jewel

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:51:48.711Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2018:2261",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2261"
          },
          {
            "name": "RHSA-2018:2177",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2177"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1576057"
          },
          {
            "name": "RHSA-2018:2179",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2179"
          },
          {
            "name": "RHSA-2018:2274",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2274"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tracker.ceph.com/issues/24837"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/ceph/ceph/commit/8f396cf35a3826044b089141667a196454c0a587"
          },
          {
            "name": "DSA-4339",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4339"
          },
          {
            "name": "[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"
          },
          {
            "name": "openSUSE-SU-2019:1284",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ceph",
          "vendor": "Red Hat, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "all versions in branches master, mimic, luminous and jewel"
            }
          ]
        }
      ],
      "datePublic": "2018-07-09T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-29T02:06:08.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2018:2261",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2261"
        },
        {
          "name": "RHSA-2018:2177",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2177"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1576057"
        },
        {
          "name": "RHSA-2018:2179",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2179"
        },
        {
          "name": "RHSA-2018:2274",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2274"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tracker.ceph.com/issues/24837"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/ceph/ceph/commit/8f396cf35a3826044b089141667a196454c0a587"
        },
        {
          "name": "DSA-4339",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4339"
        },
        {
          "name": "[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"
        },
        {
          "name": "openSUSE-SU-2019:1284",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "DATE_PUBLIC": "2018-07-09T00:00:00",
          "ID": "CVE-2018-1129",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "ceph",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "all versions in branches master, mimic, luminous and jewel"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Red Hat, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-284"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2018:2261",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2261"
            },
            {
              "name": "RHSA-2018:2177",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2177"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1576057",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1576057"
            },
            {
              "name": "RHSA-2018:2179",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2179"
            },
            {
              "name": "RHSA-2018:2274",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2274"
            },
            {
              "name": "http://tracker.ceph.com/issues/24837",
              "refsource": "CONFIRM",
              "url": "http://tracker.ceph.com/issues/24837"
            },
            {
              "name": "https://github.com/ceph/ceph/commit/8f396cf35a3826044b089141667a196454c0a587",
              "refsource": "CONFIRM",
              "url": "https://github.com/ceph/ceph/commit/8f396cf35a3826044b089141667a196454c0a587"
            },
            {
              "name": "DSA-4339",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4339"
            },
            {
              "name": "[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"
            },
            {
              "name": "openSUSE-SU-2019:1284",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html"
            },
            {
              "name": "http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2018-1129",
    "datePublished": "2018-07-10T14:00:00.000Z",
    "dateReserved": "2017-12-04T00:00:00.000Z",
    "dateUpdated": "2024-09-17T01:45:51.875Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTFR-2018-AVI-448

Vulnerability from certfr_avis - Published: 2018-09-21 - Updated: 2018-09-21

De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE . Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
SUSE	SUSE Linux Enterprise Desktop	SUSE Linux Enterprise Desktop 12-SP3
SUSE	N/A	SUSE CaaS Platform 3.0
SUSE	N/A	SUSE Linux Enterprise Software Development Kit 12-SP3
SUSE	SUSE Linux Enterprise Live Patching	SUSE Linux Enterprise Live Patching 12-SP3
SUSE	N/A	SUSE CaaS Platform ALL
SUSE	SUSE Linux Enterprise Server	SUSE Linux Enterprise Server 12-SP3
SUSE	N/A	SUSE Linux Enterprise Workstation Extension 12-SP3
SUSE	N/A	SUSE Linux Enterprise High Availability 12-SP3

References

Title

Publication Time

Tags

Bulletin de sécurité SUSE suse-su-20182776-1 du 20 septembre 2018	None	vendor-advisory
Bulletin de sécurité SUSE suse-su-20182775-1 du 20 septembre 2018	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SUSE Linux Enterprise Desktop 12-SP3",
      "product": {
        "name": "SUSE Linux Enterprise Desktop",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE CaaS Platform 3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Software Development Kit 12-SP3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Live Patching 12-SP3",
      "product": {
        "name": "SUSE Linux Enterprise Live Patching",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE CaaS Platform ALL",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Server 12-SP3",
      "product": {
        "name": "SUSE Linux Enterprise Server",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Workstation Extension 12-SP3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise High Availability 12-SP3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-16658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16658"
    },
    {
      "name": "CVE-2018-10883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10883"
    },
    {
      "name": "CVE-2018-10902",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10902"
    },
    {
      "name": "CVE-2018-10879",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10879"
    },
    {
      "name": "CVE-2018-10880",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10880"
    },
    {
      "name": "CVE-2018-10878",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10878"
    },
    {
      "name": "CVE-2018-6554",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-6554"
    },
    {
      "name": "CVE-2018-13093",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-13093"
    },
    {
      "name": "CVE-2018-10881",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10881"
    },
    {
      "name": "CVE-2018-12896",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12896"
    },
    {
      "name": "CVE-2018-13094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-13094"
    },
    {
      "name": "CVE-2018-6555",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-6555"
    },
    {
      "name": "CVE-2018-15572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15572"
    },
    {
      "name": "CVE-2018-1128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1128"
    },
    {
      "name": "CVE-2018-10877",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10877"
    },
    {
      "name": "CVE-2018-13095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-13095"
    },
    {
      "name": "CVE-2018-10882",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10882"
    },
    {
      "name": "CVE-2018-10876",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10876"
    },
    {
      "name": "CVE-2018-9363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-9363"
    },
    {
      "name": "CVE-2018-1129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1129"
    },
    {
      "name": "CVE-2018-10938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10938"
    }
  ],
  "initial_release_date": "2018-09-21T00:00:00",
  "last_revision_date": "2018-09-21T00:00:00",
  "links": [],
  "reference": "CERTFR-2018-AVI-448",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-09-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nSUSE . Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20182776-1 du 20 septembre 2018",
      "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182776-1/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20182775-1 du 20 septembre 2018",
      "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182775-1/"
    }
  ]
}

CERTFR-2019-AVI-233

Vulnerability from certfr_avis - Published: 2019-05-20 - Updated: 2019-05-20

De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service à distance et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
SUSE	N/A	SUSE Linux Enterprise Module pour Public Cloud 12
SUSE	SUSE Linux Enterprise Server	SUSE Linux Enterprise Server 12-SP2-LTSS
SUSE	SUSE Linux Enterprise Server	SUSE Linux Enterprise Server pour SAP 12-SP1
SUSE	N/A	SUSE Linux Enterprise High Availability 12-SP2
SUSE	N/A	OpenStack Cloud Magnum Orchestration 7
SUSE	SUSE Linux Enterprise Server	SUSE Linux Enterprise Server 12-SP2-BCL
SUSE	SUSE Linux Enterprise Server	SUSE Linux Enterprise Server 12-SP1-LTSS
SUSE	N/A	SUSE OpenStack Cloud 7
SUSE	N/A	SUSE Enterprise Storage 4
SUSE	SUSE Linux Enterprise Server	SUSE Linux Enterprise Server pour SAP 12-SP2

References

Title

Publication Time

Tags

Bulletin de sécurité SUSE SUSE-SU-2019:1287-1 du 17 mai 2019	None	vendor-advisory
Bulletin de sécurité SUSE SUSE-SU-2019:1289-1 du 17 mai 2019	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SUSE Linux Enterprise Module pour Public Cloud 12",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Server 12-SP2-LTSS",
      "product": {
        "name": "SUSE Linux Enterprise Server",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Server pour SAP 12-SP1",
      "product": {
        "name": "SUSE Linux Enterprise Server",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise High Availability 12-SP2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "OpenStack Cloud Magnum Orchestration 7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Server 12-SP2-BCL",
      "product": {
        "name": "SUSE Linux Enterprise Server",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Server 12-SP1-LTSS",
      "product": {
        "name": "SUSE Linux Enterprise Server",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE OpenStack Cloud 7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Enterprise Storage 4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Server pour SAP 12-SP2",
      "product": {
        "name": "SUSE Linux Enterprise Server",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-11091",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11091"
    },
    {
      "name": "CVE-2018-18710",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18710"
    },
    {
      "name": "CVE-2019-6974",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6974"
    },
    {
      "name": "CVE-2018-5391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5391"
    },
    {
      "name": "CVE-2017-7472",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7472"
    },
    {
      "name": "CVE-2019-9503",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9503"
    },
    {
      "name": "CVE-2018-19407",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-19407"
    },
    {
      "name": "CVE-2018-9568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-9568"
    },
    {
      "name": "CVE-2018-19985",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-19985"
    },
    {
      "name": "CVE-2019-8564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8564"
    },
    {
      "name": "CVE-2018-12127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12127"
    },
    {
      "name": "CVE-2017-1000407",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000407"
    },
    {
      "name": "CVE-2019-9213",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9213"
    },
    {
      "name": "CVE-2017-7273",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7273"
    },
    {
      "name": "CVE-2018-18281",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18281"
    },
    {
      "name": "CVE-2018-15572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15572"
    },
    {
      "name": "CVE-2018-12130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12130"
    },
    {
      "name": "CVE-2018-18690",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18690"
    },
    {
      "name": "CVE-2018-20169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20169"
    },
    {
      "name": "CVE-2018-1128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1128"
    },
    {
      "name": "CVE-2016-10741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-10741"
    },
    {
      "name": "CVE-2018-14633",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14633"
    },
    {
      "name": "CVE-2018-1091",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1091"
    },
    {
      "name": "CVE-2018-1120",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1120"
    },
    {
      "name": "CVE-2017-18174",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-18174"
    },
    {
      "name": "CVE-2018-16884",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16884"
    },
    {
      "name": "CVE-2018-12126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12126"
    },
    {
      "name": "CVE-2018-9516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-9516"
    },
    {
      "name": "CVE-2019-3460",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3460"
    },
    {
      "name": "CVE-2019-11486",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11486"
    },
    {
      "name": "CVE-2018-19824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-19824"
    },
    {
      "name": "CVE-2019-3882",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3882"
    },
    {
      "name": "CVE-2019-7221",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7221"
    },
    {
      "name": "CVE-2018-1129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1129"
    },
    {
      "name": "CVE-2019-7222",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7222"
    },
    {
      "name": "CVE-2017-16533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-16533"
    },
    {
      "name": "CVE-2016-8636",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8636"
    },
    {
      "name": "CVE-2018-18386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18386"
    },
    {
      "name": "CVE-2017-17741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17741"
    },
    {
      "name": "CVE-2019-3459",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3459"
    }
  ],
  "initial_release_date": "2019-05-20T00:00:00",
  "last_revision_date": "2019-05-20T00:00:00",
  "links": [],
  "reference": "CERTFR-2019-AVI-233",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-05-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nSUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2019:1287-1 du 17 mai 2019",
      "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191287-1/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2019:1289-1 du 17 mai 2019",
      "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191289-1/"
    }
  ]
}

CERTFR-2018-AVI-456

Vulnerability from certfr_avis - Published: 2018-09-26 - Updated: 2018-09-26

De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
SUSE	SUSE Linux Enterprise Server	SUSE Linux Enterprise Server 12-SP2-LTSS
SUSE	SUSE Linux Enterprise Real Time	SUSE Linux Enterprise Real Time Extension 12-SP3
SUSE	N/A	SUSE Linux Enterprise Software Development Kit 12-SP3
SUSE	SUSE Linux Enterprise Server	SUSE Linux Enterprise Server 12-SP3
SUSE	SUSE Linux Enterprise Server	SUSE Linux Enterprise Server pour SAP 12-SP2

References

Title

Publication Time

Tags

Bulletin de sécurité SUSE SUSE-SU-2018:2858-1 du 25 septembre 2018	None	vendor-advisory
Bulletin de sécurité SUSE SUSE-SU-2018:2862-1 du 25 septembre 2018	None	vendor-advisory
Bulletin de sécurité SUSE SUSE-SU-2018:2864-1 du 25 septembre 2018	None	vendor-advisory
Bulletin de sécurité SUSE SUSE-SU-2018:2860-1 du 25 septembre 2018	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SUSE Linux Enterprise Server 12-SP2-LTSS",
      "product": {
        "name": "SUSE Linux Enterprise Server",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Real Time Extension 12-SP3",
      "product": {
        "name": "SUSE Linux Enterprise Real Time",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Software Development Kit 12-SP3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Server 12-SP3",
      "product": {
        "name": "SUSE Linux Enterprise Server",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Server pour SAP 12-SP2",
      "product": {
        "name": "SUSE Linux Enterprise Server",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-16658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16658"
    },
    {
      "name": "CVE-2018-10883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10883"
    },
    {
      "name": "CVE-2018-10902",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10902"
    },
    {
      "name": "CVE-2018-10879",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10879"
    },
    {
      "name": "CVE-2018-10880",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10880"
    },
    {
      "name": "CVE-2018-10878",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10878"
    },
    {
      "name": "CVE-2018-6554",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-6554"
    },
    {
      "name": "CVE-2018-13093",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-13093"
    },
    {
      "name": "CVE-2018-10881",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10881"
    },
    {
      "name": "CVE-2018-12896",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12896"
    },
    {
      "name": "CVE-2018-13094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-13094"
    },
    {
      "name": "CVE-2018-6555",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-6555"
    },
    {
      "name": "CVE-2018-15572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15572"
    },
    {
      "name": "CVE-2018-1128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1128"
    },
    {
      "name": "CVE-2018-1000026",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000026"
    },
    {
      "name": "CVE-2018-5390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5390"
    },
    {
      "name": "CVE-2018-10877",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10877"
    },
    {
      "name": "CVE-2018-13095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-13095"
    },
    {
      "name": "CVE-2018-10882",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10882"
    },
    {
      "name": "CVE-2018-10876",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10876"
    },
    {
      "name": "CVE-2018-10940",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10940"
    },
    {
      "name": "CVE-2018-9363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-9363"
    },
    {
      "name": "CVE-2018-1129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1129"
    },
    {
      "name": "CVE-2018-10938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10938"
    }
  ],
  "initial_release_date": "2018-09-26T00:00:00",
  "last_revision_date": "2018-09-26T00:00:00",
  "links": [],
  "reference": "CERTFR-2018-AVI-456",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-09-26T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nSUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nd\u00e9ni de service, un contournement de la politique de s\u00e9curit\u00e9 et une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2018:2858-1 du 25 septembre 2018",
      "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182858-1/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2018:2862-1 du 25 septembre 2018",
      "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182862-1/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2018:2864-1 du 25 septembre 2018",
      "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182864-1/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2018:2860-1 du 25 septembre 2018",
      "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182860-1/"
    }
  ]
}

CERTFR-2018-AVI-580

Vulnerability from certfr_avis - Published: 2018-12-03 - Updated: 2018-12-03

De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service à distance et un déni de service.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	SUSE	N/A	SUSE Linux Enterprise Module pour Public Cloud 15

References

Title

Publication Time

Tags

Bulletin de sécurité SUSE SUSE-SU-2018:3961-1 du 30 novembre 2018

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SUSE Linux Enterprise Module pour Public Cloud 15",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-18710",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18710"
    },
    {
      "name": "CVE-2018-16658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16658"
    },
    {
      "name": "CVE-2018-10902",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10902"
    },
    {
      "name": "CVE-2017-18224",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-18224"
    },
    {
      "name": "CVE-2018-6554",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-6554"
    },
    {
      "name": "CVE-2018-13093",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-13093"
    },
    {
      "name": "CVE-2018-14613",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14613"
    },
    {
      "name": "CVE-2018-12896",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12896"
    },
    {
      "name": "CVE-2018-17182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-17182"
    },
    {
      "name": "CVE-2018-6555",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-6555"
    },
    {
      "name": "CVE-2018-15572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15572"
    },
    {
      "name": "CVE-2018-1128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1128"
    },
    {
      "name": "CVE-2018-18445",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18445"
    },
    {
      "name": "CVE-2018-14617",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14617"
    },
    {
      "name": "CVE-2018-14633",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14633"
    },
    {
      "name": "CVE-2018-13095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-13095"
    },
    {
      "name": "CVE-2018-10940",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10940"
    },
    {
      "name": "CVE-2018-9363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-9363"
    },
    {
      "name": "CVE-2018-1129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1129"
    },
    {
      "name": "CVE-2018-10938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10938"
    },
    {
      "name": "CVE-2017-16533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-16533"
    },
    {
      "name": "CVE-2018-18386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18386"
    }
  ],
  "initial_release_date": "2018-12-03T00:00:00",
  "last_revision_date": "2018-12-03T00:00:00",
  "links": [],
  "reference": "CERTFR-2018-AVI-580",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-12-03T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nSUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service \u00e0\ndistance et un d\u00e9ni de service.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2018:3961-1 du 30 novembre 2018",
      "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20183961-1/"
    }
  ]
}

CERTFR-2018-AVI-466

Vulnerability from certfr_avis - Published: 2018-10-03 - Updated: 2018-10-03

De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service à distance et un déni de service.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
SUSE	N/A	SUSE Linux Enterprise Module pour Live Patching 15
SUSE	N/A	SUSE Linux Enterprise Module pour Basesystem 15
SUSE	N/A	SUSE Linux Enterprise Module pour Legacy Software 15
SUSE	N/A	SUSE Linux Enterprise High Availability 15
SUSE	N/A	SUSE Linux Enterprise Module pour Development Tools 15
SUSE	N/A	SUSE Linux Enterprise Workstation Extension 15

References

Title

Publication Time

Tags

Bulletin de sécurité SUSE SUSE-SU-2018:2981-1 du 2 octobre 2018	None	vendor-advisory
Bulletin de sécurité SUSE SUSE-SU-2018:2980-1 du 2 octobre 2018	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SUSE Linux Enterprise Module pour Live Patching 15",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Module pour Basesystem 15",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Module pour Legacy Software 15",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise High Availability 15",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Module pour Development Tools 15",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Workstation Extension 15",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-16658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16658"
    },
    {
      "name": "CVE-2018-6554",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-6554"
    },
    {
      "name": "CVE-2018-13093",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-13093"
    },
    {
      "name": "CVE-2018-14613",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14613"
    },
    {
      "name": "CVE-2018-12896",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12896"
    },
    {
      "name": "CVE-2018-13094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-13094"
    },
    {
      "name": "CVE-2018-6555",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-6555"
    },
    {
      "name": "CVE-2018-1128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1128"
    },
    {
      "name": "CVE-2018-14617",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14617"
    },
    {
      "name": "CVE-2018-13095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-13095"
    },
    {
      "name": "CVE-2018-10940",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10940"
    },
    {
      "name": "CVE-2018-1129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1129"
    },
    {
      "name": "CVE-2018-10938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10938"
    }
  ],
  "initial_release_date": "2018-10-03T00:00:00",
  "last_revision_date": "2018-10-03T00:00:00",
  "links": [],
  "reference": "CERTFR-2018-AVI-466",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-10-03T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nSUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service \u00e0\ndistance et un d\u00e9ni de service.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2018:2981-1 du 2 octobre 2018",
      "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182981-1/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2018:2980-1 du 2 octobre 2018",
      "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182980-1/"
    }
  ]
}

CNVD-2018-17722

Vulnerability from cnvd - Published: 2018-09-06

Title

Red Hat Ceph弱签名漏洞

Description

Red Hat Ceph是美国红帽（Red Hat）公司的一套Linux PB级分布式文件系统。该系统的主要目标是设计成基于POSIX（可移植操作系统接口）的没有单点故障的分布式文件系统，使数据能容错和无缝的复制。Ceph branches master、mimic、luminous和jewel都是不同的Ceph版本。 Red Hat Ceph中存在安全漏洞，该漏洞源于程序使用了较弱的签名。攻击者可利用该漏洞绕过cephx协议的签名检测。

Severity

中

Patch Name

Red Hat Ceph弱签名漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： http://tracker.ceph.com/issues/24837

Reference

http://tracker.ceph.com/issues/24837

Impacted products

Name
Red Hat Ceph

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-1129",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1129"
    }
  },
  "description": "Red Hat Ceph\u662f\u7f8e\u56fd\u7ea2\u5e3d\uff08Red Hat\uff09\u516c\u53f8\u7684\u4e00\u5957Linux PB\u7ea7\u5206\u5e03\u5f0f\u6587\u4ef6\u7cfb\u7edf\u3002\u8be5\u7cfb\u7edf\u7684\u4e3b\u8981\u76ee\u6807\u662f\u8bbe\u8ba1\u6210\u57fa\u4e8ePOSIX\uff08\u53ef\u79fb\u690d\u64cd\u4f5c\u7cfb\u7edf\u63a5\u53e3\uff09\u7684\u6ca1\u6709\u5355\u70b9\u6545\u969c\u7684\u5206\u5e03\u5f0f\u6587\u4ef6\u7cfb\u7edf\uff0c\u4f7f\u6570\u636e\u80fd\u5bb9\u9519\u548c\u65e0\u7f1d\u7684\u590d\u5236\u3002Ceph branches master\u3001mimic\u3001luminous\u548cjewel\u90fd\u662f\u4e0d\u540c\u7684Ceph\u7248\u672c\u3002\r\n\r\nRed Hat Ceph\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u4f7f\u7528\u4e86\u8f83\u5f31\u7684\u7b7e\u540d\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7cephx\u534f\u8bae\u7684\u7b7e\u540d\u68c0\u6d4b\u3002",
  "discovererName": "Siddharth Sharma",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://tracker.ceph.com/issues/24837",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-17722",
  "openTime": "2018-09-06",
  "patchDescription": "Red Hat Ceph\u662f\u7f8e\u56fd\u7ea2\u5e3d\uff08Red Hat\uff09\u516c\u53f8\u7684\u4e00\u5957Linux PB\u7ea7\u5206\u5e03\u5f0f\u6587\u4ef6\u7cfb\u7edf\u3002\u8be5\u7cfb\u7edf\u7684\u4e3b\u8981\u76ee\u6807\u662f\u8bbe\u8ba1\u6210\u57fa\u4e8ePOSIX\uff08\u53ef\u79fb\u690d\u64cd\u4f5c\u7cfb\u7edf\u63a5\u53e3\uff09\u7684\u6ca1\u6709\u5355\u70b9\u6545\u969c\u7684\u5206\u5e03\u5f0f\u6587\u4ef6\u7cfb\u7edf\uff0c\u4f7f\u6570\u636e\u80fd\u5bb9\u9519\u548c\u65e0\u7f1d\u7684\u590d\u5236\u3002Ceph branches master\u3001mimic\u3001luminous\u548cjewel\u90fd\u662f\u4e0d\u540c\u7684Ceph\u7248\u672c\u3002\r\n\r\nRed Hat Ceph\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u4f7f\u7528\u4e86\u8f83\u5f31\u7684\u7b7e\u540d\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7cephx\u534f\u8bae\u7684\u7b7e\u540d\u68c0\u6d4b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Red Hat Ceph\u5f31\u7b7e\u540d\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Red Hat Ceph"
  },
  "referenceLink": "http://tracker.ceph.com/issues/24837",
  "serverity": "\u4e2d",
  "submitTime": "2018-07-25",
  "title": "Red Hat Ceph\u5f31\u7b7e\u540d\u6f0f\u6d1e"
}

GHSA-7QC9-W55V-W7P3

Vulnerability from github – Published: 2022-05-14 00:52 – Updated: 2022-05-14 00:52

Details

Severity ?

6.5 (Medium)


                  
                    CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-1129"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-07-10T14:29:00Z",
    "severity": "MODERATE"
  },
  "details": "A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.",
  "id": "GHSA-7qc9-w55v-w7p3",
  "modified": "2022-05-14T00:52:10Z",
  "published": "2022-05-14T00:52:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1129"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ceph/ceph/commit/8f396cf35a3826044b089141667a196454c0a587"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:2177"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:2179"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:2261"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:2274"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1576057"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2018/dsa-4339"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html"
    },
    {
      "type": "WEB",
      "url": "http://tracker.ceph.com/issues/24837"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2018-1129

Vulnerability from fkie_nvd - Published: 2018-07-10 14:29 - Updated: 2024-11-21 03:59

Severity ?

6.5 (Medium) - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Summary

References

URL	Tags
secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html	Third Party Advisory
secalert@redhat.com	http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html
secalert@redhat.com	http://tracker.ceph.com/issues/24837	Issue Tracking, Vendor Advisory
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2018:2177	Third Party Advisory
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2018:2179	Third Party Advisory
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2018:2261	Third Party Advisory
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2018:2274	Third Party Advisory
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=1576057	Issue Tracking, Patch, Third Party Advisory
secalert@redhat.com	https://github.com/ceph/ceph/commit/8f396cf35a3826044b089141667a196454c0a587	Patch, Third Party Advisory
secalert@redhat.com	https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html	Mailing List, Third Party Advisory
secalert@redhat.com	https://www.debian.org/security/2018/dsa-4339	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html
af854a3a-2127-422b-91ae-364da2661108	http://tracker.ceph.com/issues/24837	Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2018:2177	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2018:2179	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2018:2261	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2018:2274	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=1576057	Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/ceph/ceph/commit/8f396cf35a3826044b089141667a196454c0a587	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2018/dsa-4339	Third Party Advisory

Impacted products

Vendor	Product	Version
redhat	ceph_storage	1.3
redhat	ceph_storage	3
redhat	ceph_storage_mon	2
redhat	ceph_storage_mon	3
redhat	ceph_storage_osd	2
redhat	ceph_storage_osd	3
redhat	enterprise_linux	7.0
redhat	enterprise_linux_desktop	7.0
redhat	enterprise_linux_server	7.0
redhat	enterprise_linux_workstation	7.0
ceph	ceph	10.2.0
ceph	ceph	10.2.1
ceph	ceph	10.2.2
ceph	ceph	10.2.3
ceph	ceph	10.2.4
ceph	ceph	10.2.5
ceph	ceph	10.2.6
ceph	ceph	10.2.7
ceph	ceph	10.2.8
ceph	ceph	10.2.9
ceph	ceph	10.2.10
ceph	ceph	10.2.11
ceph	ceph	12.2.0
ceph	ceph	12.2.1
ceph	ceph	12.2.2
ceph	ceph	12.2.3
ceph	ceph	12.2.4
ceph	ceph	12.2.5
ceph	ceph	12.2.6
ceph	ceph	12.2.7
ceph	ceph	13.2.0
ceph	ceph	13.2.1
debian	debian_linux	8.0
debian	debian_linux	9.0
opensuse	leap	15.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:ceph_storage:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "26E67C3A-4458-4DC9-B40E-C0B285C87211",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:ceph_storage:3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9184616-421F-4EA9-AC1A-A4C95BBAAC99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:ceph_storage_mon:2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C2EBAD9-F0D5-4176-9C4D-001B230E699E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:ceph_storage_mon:3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD2F9BA8-FE0A-43DE-A756-C35A24C3D96E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:ceph_storage_osd:2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA5F5227-DBDA-4C01-BF7C-4D53F455404F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:ceph_storage_osd:3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A80BACB5-7A56-4BC6-9261-58A3860F4E8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ceph:ceph:10.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8901022A-8A84-494A-A5BF-358F2CBBDFFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ceph:ceph:10.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "76788B0A-7776-4D0C-B0D7-C855E9A0231E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ceph:ceph:10.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A925DB4-83DC-45D1-A48B-1675A111213B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ceph:ceph:10.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D22BA440-CB28-445C-A7F8-CBD6E8965B2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ceph:ceph:10.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A503C653-AFEB-4E5A-872B-AD033C0E2259",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ceph:ceph:10.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C00462A-A1B8-42A7-9336-DE1BF5510B6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ceph:ceph:10.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3505D4E2-4EA8-40A4-A57C-46CCA9922EF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ceph:ceph:10.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "09EC481B-79F0-41DB-B95F-D1A221C96F4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ceph:ceph:10.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "31F159B5-AF02-48BE-B994-749F21B9D362",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ceph:ceph:10.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9684039-7938-405D-B833-4C54BFBD6476",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ceph:ceph:10.2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FAE4350-8F39-4E78-AB25-17DE76FD57AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ceph:ceph:10.2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B2369D2-4413-447C-A0A8-84CA37B1F5B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ceph:ceph:12.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3515BF53-4921-462F-820E-B842BB3FF066",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ceph:ceph:12.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "48067E54-26F5-4020-BCEA-A65C2536618B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ceph:ceph:12.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9A86B91-78C3-4D02-B7C8-11AAFB1CCCEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ceph:ceph:12.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDBD084F-4A0B-4231-8465-61F8BE5E57F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ceph:ceph:12.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0885F67A-E01B-4BF2-A760-D452B55C5F69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ceph:ceph:12.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB9D95E9-52F3-459C-89AD-6FCA6A975085",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ceph:ceph:12.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "087C6821-9A77-4CC8-8AA0-2C51414D9B58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ceph:ceph:12.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A667C6AF-76D4-4192-A8BF-395F368EFAE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ceph:ceph:13.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "13BF6806-6E69-4172-9260-2E97FB253339",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ceph:ceph:13.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCAE0EE4-BBE9-4DBD-84CC-9A72E97E73E6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable."
    },
    {
      "lang": "es",
      "value": "Se ha encontrado un error en la forma en la que el c\u00e1lculo de firmas es gestionado por el protocolo de autenticaci\u00f3n cephx. Un atacante que tenga acceso a la red de cl\u00fasters ceph y que pueda alterar la carga \u00fatil de los mensajes podr\u00eda omitir las comprobaciones de firma realizadas por el protocolo cephx. Se cree que las ramas de ceph master, mimic, luminous y jewel son vulnerables."
    }
  ],
  "id": "CVE-2018-1129",
  "lastModified": "2024-11-21T03:59:15.087",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 3.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:A/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.5,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-07-10T14:29:00.417",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "http://tracker.ceph.com/issues/24837"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2177"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2179"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2261"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2274"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1576057"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/ceph/ceph/commit/8f396cf35a3826044b089141667a196454c0a587"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4339"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "http://tracker.ceph.com/issues/24837"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2177"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2179"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2261"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2274"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1576057"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/ceph/ceph/commit/8f396cf35a3826044b089141667a196454c0a587"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4339"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2018-1129

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-1129

Aliases

CVE-2018-1129

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-1129",
    "description": "A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.",
    "id": "GSD-2018-1129",
    "references": [
      "https://www.suse.com/security/cve/CVE-2018-1129.html",
      "https://www.debian.org/security/2018/dsa-4339",
      "https://access.redhat.com/errata/RHSA-2018:2274",
      "https://access.redhat.com/errata/RHSA-2018:2261",
      "https://access.redhat.com/errata/RHSA-2018:2179",
      "https://access.redhat.com/errata/RHSA-2018:2177",
      "https://advisories.mageia.org/CVE-2018-1129.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-1129"
      ],
      "details": "A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.",
      "id": "GSD-2018-1129",
      "modified": "2023-12-13T01:22:36.890004Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "DATE_PUBLIC": "2018-07-09T00:00:00",
        "ID": "CVE-2018-1129",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "ceph",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "all versions in branches master, mimic, luminous and jewel"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Red Hat, Inc."
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-284"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "RHSA-2018:2261",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2018:2261"
          },
          {
            "name": "RHSA-2018:2177",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2018:2177"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1576057",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1576057"
          },
          {
            "name": "RHSA-2018:2179",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2018:2179"
          },
          {
            "name": "RHSA-2018:2274",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2018:2274"
          },
          {
            "name": "http://tracker.ceph.com/issues/24837",
            "refsource": "CONFIRM",
            "url": "http://tracker.ceph.com/issues/24837"
          },
          {
            "name": "https://github.com/ceph/ceph/commit/8f396cf35a3826044b089141667a196454c0a587",
            "refsource": "CONFIRM",
            "url": "https://github.com/ceph/ceph/commit/8f396cf35a3826044b089141667a196454c0a587"
          },
          {
            "name": "DSA-4339",
            "refsource": "DEBIAN",
            "url": "https://www.debian.org/security/2018/dsa-4339"
          },
          {
            "name": "[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"
          },
          {
            "name": "openSUSE-SU-2019:1284",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html"
          },
          {
            "name": "http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:redhat:ceph_storage_osd:2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:ceph_storage:1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:ceph_storage:3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:ceph_storage_mon:2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:ceph_storage_mon:3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:ceph_storage_osd:3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ceph:ceph:10.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ceph:ceph:10.2.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ceph:ceph:10.2.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ceph:ceph:12.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ceph:ceph:12.2.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ceph:ceph:13.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ceph:ceph:10.2.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ceph:ceph:10.2.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ceph:ceph:10.2.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ceph:ceph:10.2.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ceph:ceph:10.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ceph:ceph:10.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ceph:ceph:12.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ceph:ceph:12.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ceph:ceph:12.2.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ceph:ceph:12.2.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ceph:ceph:10.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ceph:ceph:10.2.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ceph:ceph:10.2.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ceph:ceph:12.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ceph:ceph:12.2.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ceph:ceph:13.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2018-1129"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-287"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/ceph/ceph/commit/8f396cf35a3826044b089141667a196454c0a587",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/ceph/ceph/commit/8f396cf35a3826044b089141667a196454c0a587"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1576057",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1576057"
            },
            {
              "name": "http://tracker.ceph.com/issues/24837",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Vendor Advisory"
              ],
              "url": "http://tracker.ceph.com/issues/24837"
            },
            {
              "name": "RHSA-2018:2179",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2179"
            },
            {
              "name": "RHSA-2018:2177",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2177"
            },
            {
              "name": "RHSA-2018:2274",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2274"
            },
            {
              "name": "RHSA-2018:2261",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2261"
            },
            {
              "name": "DSA-4339",
              "refsource": "DEBIAN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4339"
            },
            {
              "name": "[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"
            },
            {
              "name": "openSUSE-SU-2019:1284",
              "refsource": "SUSE",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html"
            },
            {
              "name": "http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 3.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:A/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 6.5,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2019-08-29T03:15Z",
      "publishedDate": "2018-07-10T14:29Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-1129 (GCVE-0-2018-1129)

Solution

Solution

Solution

Solution

Solution

Tags

Sightings

Nomenclature