{"id":"CVE-2018-1128","details":"It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.","modified":"2026-04-16T06:21:30.013538315Z","published":"2018-07-10T14:29:00.370Z","related":["SUSE-SU-2018:1920-1","SUSE-SU-2018:2193-1","SUSE-SU-2018:2299-1","SUSE-SU-2018:2478-1","SUSE-SU-2018:2775-1","SUSE-SU-2018:2776-1","SUSE-SU-2018:2858-1","SUSE-SU-2018:2862-1","SUSE-SU-2018:2980-1","SUSE-SU-2018:2981-1","SUSE-SU-2018:3961-1","SUSE-SU-2019:0586-1","SUSE-SU-2019:1287-1","openSUSE-SU-2019:1284-1","openSUSE-SU-2024:10676-1"],"references":[{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2020/11/17/3"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2020/11/17/4"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:2179"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:2274"},{"type":"ADVISORY","url":"https://www.debian.org/security/2018/dsa-4339"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:2177"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:2261"},{"type":"REPORT","url":"http://tracker.ceph.com/issues/24836"},{"type":"FIX","url":"https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1575866"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ceph/ceph","events":[{"introduced":"0"},{"last_affected":"1d0909a0ace0d739990e3555707f415e61096d9c"},{"introduced":"0"},{"last_affected":"1d0909a0ace0d739990e3555707f415e61096d9c"},{"introduced":"3a9fba20ec743699b69bd0181dd6c54dc01c64b9"},{"last_affected":"5533ecdc0fda920179d7ad84e0aa65a127b20d77"},{"introduced":"0"},{"last_affected":"bd7989103911796eb5698cf208b0ccdc3370d707"},{"introduced":"0"},{"last_affected":"3c9db396aed1f773cbb3441dfb7a21f0b11ab3e1"},{"fixed":"5ead97120e07054d80623dada90a5cc764c28468"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2"},{"introduced":"0"},{"last_affected":"2"},{"introduced":"10.2.0"},{"last_affected":"13.2.1"},{"introduced":"0"},{"last_affected":"9.0"},{"introduced":"0"},{"last_affected":"15.0"}]}}],"versions":["rrygrvmctuzz-build-me","ses2-gm","v0.1","v0.18","v0.19","v0.2","v0.4","v0.5","v0.6","v0.7.1","v0.7.2","v0.7.3","v0.9","v0.93","v0.94","v0.94.1","v0.94.2","v0.94.3","v0.94.4","v0.94.5","v11.0.0","v12.1.4","v12.2.1","v12.2.2","v12.2.3","v12.2.4","v12.2.5","v13.0.0","v13.1.0","v13.1.1","v13.2.0","v13.2.1","v14.0.0","v15.0.0","v9.0.0"],"database_specific":{"vanir_signatures":[{"id":"CVE-2018-1128-0456a06d","digest":{"threshold":0.9,"line_hashes":["271881194744327171848146619442015923593","220946616799887385193185939752193027981","7214700514926312519892232978917384784","80061998279921642278662131757058340122","172363659810487502411752050195517346895","334211543321755616374819996088951421135","59967608528200985392311496615008963426","84110695936860967371140308975804849887","306258035161510621276412153435353263637","306404554610717319359446296320998148789"]},"target":{"file":"src/mgr/DaemonServer.h"},"signature_type":"Line","deprecated":false,"source":"https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468","signature_version":"v1"},{"signature_version":"v1","digest":{"line_hashes":["35775292112725421636364688182539632879","226559886975588931645464139033878467410","197213185299105141661346080019545498474","294584434819864037069945969173119369233","65119181280810182896790018668236348409","276953156028987026699379597423955696001","23014454464754167097668860802773937739","328706553427828590955140792906925755830"],"threshold":0.9},"target":{"file":"src/mds/MDSDaemon.cc"},"signature_type":"Line","deprecated":false,"source":"https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468","id":"CVE-2018-1128-0548690f"},{"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["246231213810321595580404015117560340530","304677443938499933941149557528846982560","139488533494497442133982936089441958313","215240163423316486533778998971913794958"]},"target":{"file":"src/auth/none/AuthNoneAuthorizeHandler.h"},"signature_type":"Line","deprecated":false,"source":"https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468","id":"CVE-2018-1128-06287a4f"},{"id":"CVE-2018-1128-0c1f30c1","digest":{"length":232,"function_hash":"332121759192224145599600516391942842510"},"target":{"function":"SimpleMessenger::verify_authorizer","file":"src/msg/simple/SimpleMessenger.cc"},"signature_type":"Function","deprecated":false,"source":"https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468","signature_version":"v1"},{"id":"CVE-2018-1128-12c86eec","digest":{"threshold":0.9,"line_hashes":["287580168459069542746122237788914558210","200884555290004381622212713410267574758","99243557424777362753605901344451898507","13650824945831798166328761923513119836","32816346833464352102085193775169549129","148151886116992475301673227189685831976","194545171467291771732324482970265740187","19587353765131405162297262415137776183","328058194714249537011505603347797437959","92021143266192176674851353768814351253","138170934080215037450403002363705661055","105135349804760838859480469610730392589"]},"target":{"file":"src/auth/cephx/CephxProtocol.cc"},"signature_type":"Line","deprecated":false,"source":"https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468","signature_version":"v1"},{"id":"CVE-2018-1128-1532c731","digest":{"line_hashes":["263315322648526988309120731363674108807","42542035275539781818782658395518725690","12957193145457619430089516946246841484","230012333069419570847547146248729660462"],"threshold":0.9},"target":{"file":"src/auth/AuthAuthorizeHandler.h"},"signature_type":"Line","source":"https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468","deprecated":false,"signature_version":"v1"},{"id":"CVE-2018-1128-1585e7ae","digest":{"length":949,"function_hash":"117665481563204585735873961930475558955"},"target":{"function":"Monitor::ms_verify_authorizer","file":"src/mon/Monitor.cc"},"signature_type":"Function","deprecated":false,"source":"https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468","signature_version":"v1"},{"id":"CVE-2018-1128-1d306193","digest":{"length":4196,"function_hash":"50979571723573586322573076721735440635"},"target":{"function":"CephxServiceHandler::handle_request","file":"src/auth/cephx/CephxServiceHandler.cc"},"signature_type":"Function","deprecated":false,"source":"https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468","signature_version":"v1"},{"id":"CVE-2018-1128-2582b2a1","digest":{"line_hashes":["35241577239966710832456670772335636150","2075571383681831651045829047231196321","330585744930648240885015643499905612119","233089843190287088841118985004367606103"],"threshold":0.9},"target":{"file":"src/test/msgr/perf_msgr_client.cc"},"signature_type":"Line","deprecated":false,"source":"https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468","signature_version":"v1"},{"id":"CVE-2018-1128-3ec64777","digest":{"line_hashes":["201238472471811256252695291070198007796","241213535881010297101469866611272356204","108682977106131066579508742689685399700","283186916747015006198630023664498040292","296067207783036973393986455822996200326"],"threshold":0.9},"target":{"file":"src/auth/none/AuthNoneProtocol.h"},"signature_type":"Line","source":"https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468","deprecated":false,"signature_version":"v1"},{"id":"CVE-2018-1128-3ee9db23","digest":{"length":601,"function_hash":"111474384194601422883767563971648317018"},"target":{"function":"CephXTicketHandler::build_authorizer","file":"src/auth/cephx/CephxProtocol.cc"},"signature_type":"Function","deprecated":false,"source":"https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468","signature_version":"v1"},{"id":"CVE-2018-1128-45428534","digest":{"threshold":0.9,"line_hashes":["148250606471404174610891966691442094325","127812376717456892960382851876717343700","199170179623909935781880511829649550158","70699843484200190926541126940118143150","37205223167888437737881458772711900665","279570850668602816309718320007798079847"]},"target":{"file":"src/msg/async/AsyncMessenger.h"},"signature_type":"Line","deprecated":false,"source":"https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468","signature_version":"v1"},{"id":"CVE-2018-1128-468906d4","digest":{"threshold":0.9,"line_hashes":["82934790563041155675035112479637853644","291073866538662378392357721664029383899","107591024547841686395209057442952658301","46617039630708791999321870399721374242","69926732951619164897587293023409834215","202740589708253860771756875304602210062"]},"target":{"file":"src/msg/simple/SimpleMessenger.cc"},"signature_type":"Line","source":"https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468","deprecated":false,"signature_version":"v1"},{"id":"CVE-2018-1128-4d2ad4c7","digest":{"line_hashes":["32280038820894375459243217443798371100","205840514162190368565876798362477565809","117393267574739488830724850132050674218","331658254708506218717162028201038540771"],"threshold":0.9},"target":{"file":"src/auth/Auth.h"},"signature_type":"Line","source":"https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468","deprecated":false,"signature_version":"v1"},{"id":"CVE-2018-1128-4d98467e","digest":{"threshold":0.9,"line_hashes":["287403767008896448931704472185170318155","213211947956865939327928978110376650676","214424435199777950060566610905613550882","189357276457886306262535794867896255114","201816207952092347342147470633177815465","310144059731067980482242774071037268830","319200013091028420493156299766657824768","116037877966841520479698728304384061952"]},"target":{"file":"src/msg/Messenger.h"},"signature_type":"Line","deprecated":false,"source":"https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468","signature_version":"v1"},{"id":"CVE-2018-1128-5c874389","digest":{"threshold":0.9,"line_hashes":["139841883642505410840178028236906528701","112221873499293540458981172004142864885","87886319275251829248388958976088518737","318256969133211037130262621866084953474","37913602816746771654808527200457073333","276465648181169578126566951436542759451","20803129115483894654459406532372372709","315447950139537477334766161830283694432","71173492548926804501085418642627484516","327146236193754771550558980454988514452"]},"target":{"file":"src/auth/cephx/CephxAuthorizeHandler.cc"},"signature_type":"Line","deprecated":false,"source":"https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468","signature_version":"v1"},{"id":"CVE-2018-1128-5ee56071","digest":{"length":218,"function_hash":"249377672278905956830546898308758879287"},"target":{"function":"AuthUnknownAuthorizeHandler::verify_authorizer","file":"src/auth/unknown/AuthUnknownAuthorizeHandler.cc"},"signature_type":"Function","deprecated":false,"source":"https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468","signature_version":"v1"},{"id":"CVE-2018-1128-5f035689","digest":{"threshold":0.9,"line_hashes":["313263362759181182240885659254552194528","282555218084645468293613684247876024225","307386974680870383379198918765384263718","61589097803563129383743805576051077860","309680454727909749207447159007330163124","122065401495147590098722102143466678211","25191212157259437075147635538800650637","279245974258071698858090909429121746646","209096167931365357808585224963756246030","324659535653985894085040087946235642055"]},"target":{"file":"src/osd/OSD.cc"},"signature_type":"Line","source":"https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468","deprecated":false,"signature_version":"v1"},{"id":"CVE-2018-1128-64be9829","digest":{"line_hashes":["246231213810321595580404015117560340530","304677443938499933941149557528846982560","139488533494497442133982936089441958313","215240163423316486533778998971913794958"],"threshold":0.9},"target":{"file":"src/auth/cephx/CephxAuthorizeHandler.h"},"signature_type":"Line","source":"https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468","deprecated":false,"signature_version":"v1"},{"id":"CVE-2018-1128-667fe684","digest":{"threshold":0.9,"line_hashes":["86736427565681256013865602663090028780","185493899086129149057204224906495326593","285358754418742939900448723911193310583","222316547082311490474504798931602544262","202291727593816625171702938665825270611","243060042623030927902747351910828069539","168566041195432021577539210502134305545","13355489482081118310812950455227555443"]},"target":{"file":"src/mon/Monitor.cc"},"signature_type":"Line","source":"https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468","deprecated":false,"signature_version":"v1"},{"signature_version":"v1","digest":{"length":1802,"function_hash":"175744719569565803492968876901400927785"},"target":{"function":"OSD::ms_verify_authorizer","file":"src/osd/OSD.cc"},"signature_type":"Function","deprecated":false,"source":"https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468","id":"CVE-2018-1128-66a93e9f"},{"id":"CVE-2018-1128-6bcc38ac","digest":{"threshold":0.9,"line_hashes":["216900262820378702255556799933423074737","138364299271657675260487363189300803166","164981516914436865065673033611166689507","81469546051834336886037632541458717747"]},"target":{"file":"src/mds/MDSDaemon.h"},"signature_type":"Line","deprecated":false,"source":"https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468","signature_version":"v1"},{"id":"CVE-2018-1128-6db0a8f3","digest":{"threshold":0.9,"line_hashes":["329884944840865994821033554778311340421","271401821125791076724302761435090231724","290691842821353816499650209029152616471","307537004417459034974499773945661741705"]},"target":{"file":"src/msg/async/AsyncConnection.h"},"signature_type":"Line","deprecated":false,"source":"https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468","signature_version":"v1"},{"id":"CVE-2018-1128-7e681f3b","digest":{"line_hashes":["197413122341036603499323426398354605780","2075571383681831651045829047231196321","330585744930648240885015643499905612119","233089843190287088841118985004367606103"],"threshold":0.9},"target":{"file":"src/test/msgr/perf_msgr_server.cc"},"signature_type":"Line","source":"https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468","deprecated":false,"signature_version":"v1"},{"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["246231213810321595580404015117560340530","304677443938499933941149557528846982560","139488533494497442133982936089441958313","215240163423316486533778998971913794958"]},"target":{"file":"src/auth/unknown/AuthUnknownAuthorizeHandler.h"},"signature_type":"Line","deprecated":false,"source":"https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468","id":"CVE-2018-1128-83208cb3"},{"id":"CVE-2018-1128-8bb926e2","digest":{"threshold":0.9,"line_hashes":["58956410529821616254520384641947922446","293570900087434371925259001687800488252","168271738188749167856664856054383312635","274122326833641065625413651660078644361","229254709470639608427110989486572450003"]},"target":{"file":"src/msg/simple/SimpleMessenger.h"},"signature_type":"Line","source":"https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468","deprecated":false,"signature_version":"v1"},{"id":"CVE-2018-1128-98a3eaf9","digest":{"length":12972,"function_hash":"230428217660019905452147989263584363001"},"target":{"function":"AsyncConnection::handle_connect_msg","file":"src/msg/async/AsyncConnection.cc"},"signature_type":"Function","deprecated":false,"source":"https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468","signature_version":"v1"},{"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["154089062930362620635359341080589135386","152269869116390014961590682538245695226","77780488699300744406817118812408945873","197173351873073647550642436065658856718","23496509578381717829385287685223098110"]},"target":{"file":"src/auth/unknown/AuthUnknownAuthorizeHandler.cc"},"signature_type":"Line","deprecated":false,"source":"https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468","id":"CVE-2018-1128-9f8f6fde"},{"id":"CVE-2018-1128-a09b976b","digest":{"line_hashes":["35146732859708475726089245968836752290","173781083303728461653378805084739093843","224117550219505848091832170252553247448","98020518809110313724096441280444031453"],"threshold":0.9},"target":{"file":"src/auth/cephx/CephxServiceHandler.cc"},"signature_type":"Line","deprecated":false,"source":"https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468","signature_version":"v1"},{"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["54219172265609729845972962878842094870","258493916114575977754617365660473255721","70283461569236489480630541092811350769","170113205775869902266377889147035498871"]},"target":{"file":"src/test/messenger/xio_dispatcher.h"},"signature_type":"Line","deprecated":false,"source":"https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468","id":"CVE-2018-1128-a178c469"},{"id":"CVE-2018-1128-a9dc3432","digest":{"length":2259,"function_hash":"272902797309284605216166911288200292356"},"target":{"function":"cephx_verify_authorizer","file":"src/auth/cephx/CephxProtocol.cc"},"signature_type":"Function","deprecated":false,"source":"https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468","signature_version":"v1"},{"id":"CVE-2018-1128-afa6caf0","digest":{"length":622,"function_hash":"337339866867644864423542720415616024620"},"target":{"function":"CephxAuthorizeHandler::verify_authorizer","file":"src/auth/cephx/CephxAuthorizeHandler.cc"},"signature_type":"Function","deprecated":false,"source":"https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468","signature_version":"v1"},{"id":"CVE-2018-1128-c339fb62","digest":{"length":16096,"function_hash":"20232255526357061123126985677217096568"},"target":{"function":"Pipe::accept","file":"src/msg/simple/Pipe.cc"},"signature_type":"Function","source":"https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468","deprecated":false,"signature_version":"v1"},{"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["216900262820378702255556799933423074737","155897769518895462122404030301843142122","35968834776306197691491686465252073711","180896565897235466548681136228157317634"]},"target":{"file":"src/mon/Monitor.h"},"signature_type":"Line","deprecated":false,"source":"https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468","id":"CVE-2018-1128-c5b9e7ae"},{"id":"CVE-2018-1128-c9631abb","digest":{"length":534,"function_hash":"206426036167503618819505166177619954413"},"target":{"function":"AuthNoneAuthorizeHandler::verify_authorizer","file":"src/auth/none/AuthNoneAuthorizeHandler.cc"},"signature_type":"Function","source":"https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468","deprecated":false,"signature_version":"v1"},{"id":"CVE-2018-1128-d07751fd","digest":{"length":2338,"function_hash":"77406387120363158448220875272219951488"},"target":{"function":"MDSDaemon::ms_verify_authorizer","file":"src/mds/MDSDaemon.cc"},"signature_type":"Function","source":"https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468","deprecated":false,"signature_version":"v1"},{"id":"CVE-2018-1128-d1bb2a1d","digest":{"threshold":0.9,"line_hashes":["288465790376574947881070613360127480666","17684575505732039975084026820318372528","271500507775623099839249204763241118012","299116767561753262874730163762044845083","120607195031993365448230668015785187613","217438221492403979628700051760306842800"]},"target":{"file":"src/test/messenger/simple_dispatcher.h"},"signature_type":"Line","deprecated":false,"source":"https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468","signature_version":"v1"},{"id":"CVE-2018-1128-d762e50c","digest":{"threshold":0.9,"line_hashes":["53700608194548377924269415540716806684","229657266796962611380194092773516504727","295764003438345644015256164698089532326","217773024170818596221567315944775687845","38115231905458137639336708019324158234","245888909751691758841283881553120474590","214639628008620669731935090288400860716","208953470113368191101361323759123892142","74759123457596549933265733060684124700","5106672567648121979374231370123161546","81715487578341262431654225720582621735","340008720029770159851834491776557566130","14518749985361639038876879910088364998","328706553427828590955140792906925755830"]},"target":{"file":"src/mgr/DaemonServer.cc"},"signature_type":"Line","deprecated":false,"source":"https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468","signature_version":"v1"},{"id":"CVE-2018-1128-d77fe4ce","digest":{"threshold":0.9,"line_hashes":["170827460161413141217992070864991159317","311195718121467025865978933962819276001","65325070592099521080108679593448886367","334046573112748200086610041774296236659","85321197916703047476055446046018501552","192294344583514327953566265879132318225","288968853272720691652276742875753045652","273768008145834976506668605853126528083","72424551356610156583538837572986544543","62518397630444308744770683736926495868","191512210648097474760054941384481358665","55269696675168602396906005340488804466","25823673834138586619540398304762792526","200054870726846406470209710271640502699","243848043755731709853137322149014153593","30302702422863588325176670243928623612","109245334133877367525678071928671688509","162278727981566053216714298491703263531","152615176824109161110383312723814033609","314298045797792487656592565014438389066","111290382941019546504942379254908301775","157891998300767432731330600291675699691"]},"target":{"file":"src/msg/simple/Pipe.cc"},"signature_type":"Line","source":"https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468","deprecated":false,"signature_version":"v1"},{"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["197413122341036603499323426398354605780","2075571383681831651045829047231196321","330585744930648240885015643499905612119","233089843190287088841118985004367606103","197413122341036603499323426398354605780","2075571383681831651045829047231196321","330585744930648240885015643499905612119","233089843190287088841118985004367606103","197413122341036603499323426398354605780","2075571383681831651045829047231196321","330585744930648240885015643499905612119","233089843190287088841118985004367606103"]},"target":{"file":"src/test/msgr/test_msgr.cc"},"signature_type":"Line","deprecated":false,"source":"https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468","id":"CVE-2018-1128-db6d0393"},{"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["308594879292792471938397721024055981599","40146779767384038406572904798129562004","110351110119210087799037636873621203969","97505601022371633692440821808823486058","190088898129946528545636840269213331092","297540365663001580922209864640758609498","273277499584539777915756313468269242567","49314315605246640746546218234728145777","3431414914910220344160547299406217012","313463706059590906103539453100546799799","251919758314641439775752436715017812890","28038425115000914721050047048991897394","285044381155451632391201802534755544099","174488794594788414302900199440696562882","304382965166809344005791404232760044635","235502768637136596665000069290707123451","116553414204420953852071215460738845142","253977250808280170120979848909353059027","173409026593835196256717479231451827279","331606874300248531979617320286397333579","104684335832993592142070677892295742938","151284049612837606070607755812665525198","84616061889557998495522751707748169917","247687609715707390970724252653647343665","1805615392560183121310586709950245315","58046383023695142947020949616395558522","276272852340276155693458472872949315469","44730655350771586353078753052223530527"]},"target":{"file":"src/auth/cephx/CephxProtocol.h"},"signature_type":"Line","deprecated":false,"source":"https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468","id":"CVE-2018-1128-e5588398"},{"id":"CVE-2018-1128-e75345ed","digest":{"line_hashes":["181987421236306132220185212464374313788","209232669550801182168332660306603678162","228562626639479672278531309658915698159","77780488699300744406817118812408945873","41805076055690784405827036644096298323","229706571948102982830372417511064463638"],"threshold":0.9},"target":{"file":"src/auth/none/AuthNoneAuthorizeHandler.cc"},"signature_type":"Line","deprecated":false,"source":"https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468","signature_version":"v1"},{"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["53882278651681759442041942649091892352","30862137480173249518092048091271418229","68630106097807108680655504441939944771","183026162874498530662733354990814282940","209113341747657442528547204573749311562","339038545343960894582157385593198417808","11038375123891958406139034222919922735","282760132761413882886043339562200342281","304312927634238846401544802698211511852","316674863454950979548257252996873279251","67108815271846472129056372001421991062","273624076508351713887732984061262929771","166318670912019014458500280794791336518","72609332398330214877163098838302930815","159287056191336157629372554033181035432","254180616939853608975907822923381758441","328289467287463974955188516115917126963","311256464401698118058175867445857074097","227917205029540849832252699869699328364","267452392351744816309132652180885309750","152415032380976359068514908977622340405"]},"target":{"file":"src/msg/async/AsyncConnection.cc"},"signature_type":"Line","deprecated":false,"source":"https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468","id":"CVE-2018-1128-e8b90a9d"},{"id":"CVE-2018-1128-f2139ce1","digest":{"threshold":0.9,"line_hashes":["9933396427475359155399461206669993914","44692603880838675879070707329241270200","246534659185340981931461918651935583379","80259378581928432378845719806277329523","154093285246385150132399179848276430917","262626631277547058723972776410436093171","144295247967728843212457454917677260196","231380394880697144336339684904685282271","213773007760849931328298750972346173200","255369423902032211536222106709422965381"]},"target":{"file":"src/msg/Dispatcher.h"},"signature_type":"Line","deprecated":false,"source":"https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468","signature_version":"v1"},{"signature_version":"v1","digest":{"line_hashes":["200710907138636021401666734307238239835","330518984480191206763315087610208161532","162730821345475567231225402842408544420","233089843190287088841118985004367606103","48888368651770474631504144690389676683","243261071137875592163621042645630037017","142857605029223854946428556402253795220","248786144340640216251559105489899755909"],"threshold":0.9},"target":{"file":"src/osd/OSD.h"},"signature_type":"Line","deprecated":false,"source":"https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468","id":"CVE-2018-1128-f521bd54"},{"id":"CVE-2018-1128-f52782a7","digest":{"length":11675,"function_hash":"339313300521923915611979887420598917198"},"target":{"function":"Pipe::connect","file":"src/msg/simple/Pipe.cc"},"signature_type":"Function","deprecated":false,"source":"https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468","signature_version":"v1"},{"id":"CVE-2018-1128-f8095a95","digest":{"length":15758,"function_hash":"61538361529754482926600204601625453230"},"target":{"function":"AsyncConnection::_process_connection","file":"src/msg/async/AsyncConnection.cc"},"signature_type":"Function","source":"https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468","deprecated":false,"signature_version":"v1"},{"id":"CVE-2018-1128-ff8a60c5","digest":{"length":1950,"function_hash":"116654809777197976896629615861262100111"},"target":{"function":"DaemonServer::ms_verify_authorizer","file":"src/mgr/DaemonServer.cc"},"signature_type":"Function","deprecated":false,"source":"https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468","signature_version":"v1"}],"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"3"}]},{"events":[{"introduced":"0"},{"last_affected":"3"}]},{"events":[{"introduced":"0"},{"last_affected":"3"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]}],"vanir_signatures_modified":"2026-04-11T06:58:38Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1128.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}