Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-14633

A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. Kernel versions 4.18.x, 4.14.x and 3.10.x are believed to be vulnerable.

Published

2018-09-25T00:29:00.357

Last Modified

2024-11-21T03:49:28.320

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.0 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:C

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: COMPLETE

Exploitability Score

8.6

Impact Score

8.5

Weaknesses

Type: Primary
CWE-121
Type: Secondary
CWE-787

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	linux	linux_kernel	< 3.16.59	Yes
Operating System	linux	linux_kernel	< 3.18.124	Yes
Operating System	linux	linux_kernel	< 4.4.159	Yes
Operating System	linux	linux_kernel	< 4.9.130	Yes
Operating System	linux	linux_kernel	< 4.14.73	Yes
Operating System	linux	linux_kernel	< 4.18.11	Yes
Operating System	canonical	ubuntu_linux	12.04	Yes
Operating System	canonical	ubuntu_linux	14.04	Yes
Operating System	canonical	ubuntu_linux	16.04	Yes
Operating System	canonical	ubuntu_linux	18.04	Yes
Operating System	debian	debian_linux	8.0	Yes
Operating System	debian	debian_linux	9.0	Yes
Operating System	redhat	enterprise_linux_eus	7.4	Yes
Operating System	redhat	enterprise_linux_eus	7.6	Yes
Operating System	redhat	enterprise_linux_server	7.0	Yes
Operating System	redhat	enterprise_linux_server_aus	7.4	Yes
Operating System	redhat	enterprise_linux_server_aus	7.6	Yes
Operating System	redhat	enterprise_linux_server_tus	7.4	Yes
Operating System	redhat	enterprise_linux_server_tus	7.6	Yes
Operating System	redhat	enterprise_linux_workstation	7.0	Yes

References

http://www.securityfocus.com/bid/105388 Third Party Advisory, VDB Entry ([email protected])
https://access.redhat.com/errata/RHSA-2018:3651 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2018:3666 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2019:1946 Third Party Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14633 Issue Tracking, Patch, Third Party Advisory ([email protected])
https://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git/commit/?h=4.19/scsi-fixes&id=1816494330a83f2a064499d8ed2797045641f92c Patch, Vendor Advisory ([email protected])
https://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git/commit/?h=4.19/scsi-fixes&id=8c39e2699f8acb2e29782a834e56306da24937fe Patch, Vendor Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html Mailing List, Third Party Advisory ([email protected])
https://seclists.org/oss-sec/2018/q3/270 Mailing List, Third Party Advisory ([email protected])
https://usn.ubuntu.com/3775-1/ Third Party Advisory ([email protected])
https://usn.ubuntu.com/3775-2/ Third Party Advisory ([email protected])
https://usn.ubuntu.com/3776-1/ Third Party Advisory ([email protected])
https://usn.ubuntu.com/3776-2/ Third Party Advisory ([email protected])
https://usn.ubuntu.com/3777-1/ Third Party Advisory ([email protected])
https://usn.ubuntu.com/3777-2/ Third Party Advisory ([email protected])
https://usn.ubuntu.com/3777-3/ Third Party Advisory ([email protected])
https://usn.ubuntu.com/3779-1/ Third Party Advisory ([email protected])
https://www.debian.org/security/2018/dsa-4308 Third Party Advisory ([email protected])
http://www.securityfocus.com/bid/105388 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:3651 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:3666 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2019:1946 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14633 Issue Tracking, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git/commit/?h=4.19/scsi-fixes&id=1816494330a83f2a064499d8ed2797045641f92c Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git/commit/?h=4.19/scsi-fixes&id=8c39e2699f8acb2e29782a834e56306da24937fe Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://seclists.org/oss-sec/2018/q3/270 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/3775-1/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/3775-2/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/3776-1/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/3776-2/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/3777-1/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/3777-2/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/3777-3/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/3779-1/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2018/dsa-4308 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)