CVE-2018-14633
kernel: stack-based buffer overflow in chap_server_compute_md5() in iscsi target
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. Kernel versions 4.18.x, 4.14.x and 3.10.x are believed to be vulnerable.
Se ha detectado un error de seguridad en la función chap_server_compute_md5() en el código ISCSI objetivo en el kernel de Linux, por la forma en la que se procesa una petición de autenticación de un iniciador ISCSI. Un atacante remoto no autenticado puede provocar un desbordamiento de búfer basado en pila y quebrar hasta 17 bytes de la pila. El ataque requiere que el iSCSI objetivo esté habilitado en el host de la víctima. Dependiendo de cómo se haya construido el código del objetivo (dependiendo de un compilador, marcas de compilación o arquitectura del hardware), un ataque podría conducir a un cierre inesperado del sistema y, por lo tanto, a una denegación de servicio (DoS) o, posiblemente, a un acceso no autorizado a los datos exportados por un objetivo iSCSI. Debido a la naturaleza del error, no se puede descartar totalmente un escalado de privilegios, aunque se cree que es altamente improbable. Se cree que las versiones 4.18.x, 4.14.x y 3.10.x del kernel se han visto afectadas.
A flaw was found in the ISCSI target code in the Linux kernel. The flaw allows an unauthenticated, remote attacker to cause a stack buffer overflow of 17 bytes of the stack. Depending on how the kernel was compiled (e.g. compiler, compile flags, and hardware architecture), the attack may lead to a system crash or access to data exported by an iSCSI target. Privilege escalation cannot be ruled out. The highest threat from this vulnerability is to system availability.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-07-27 CVE Reserved
- 2018-09-25 CVE Published
- 2024-07-10 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-121: Stack-based Buffer Overflow
- CWE-787: Out-of-bounds Write
CAPEC
References (20)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/105388 | Third Party Advisory | |
| https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html | Mailing List |
|
| https://seclists.org/oss-sec/2018/q3/270 | Mailing List |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2018:3651 | 2023-02-14 | |
| https://access.redhat.com/errata/RHSA-2018:3666 | 2023-02-14 | |
| https://access.redhat.com/errata/RHSA-2019:1946 | 2023-02-14 | |
| https://usn.ubuntu.com/3775-1 | 2023-02-14 | |
| https://usn.ubuntu.com/3775-2 | 2023-02-14 | |
| https://usn.ubuntu.com/3776-1 | 2023-02-14 | |
| https://usn.ubuntu.com/3776-2 | 2023-02-14 | |
| https://usn.ubuntu.com/3777-1 | 2023-02-14 | |
| https://usn.ubuntu.com/3777-2 | 2023-02-14 | |
| https://usn.ubuntu.com/3777-3 | 2023-02-14 | |
| https://usn.ubuntu.com/3779-1 | 2023-02-14 | |
| https://www.debian.org/security/2018/dsa-4308 | 2023-02-14 | |
| https://access.redhat.com/security/cve/CVE-2018-14633 | 2019-07-30 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1626035 | 2019-07-30 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.1 < 3.16.59 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.1 < 3.16.59" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.17 < 3.18.124 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.17 < 3.18.124" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.19 < 4.4.159 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.19 < 4.4.159" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.5 < 4.9.130 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.5 < 4.9.130" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.10 < 4.14.73 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.10 < 4.14.73" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.15 < 4.18.11 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.15 < 4.18.11" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 12.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04" | esm |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04" | lts |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Eus Search vendor "Redhat" for product "Enterprise Linux Eus" | 7.4 Search vendor "Redhat" for product "Enterprise Linux Eus" and version "7.4" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Eus Search vendor "Redhat" for product "Enterprise Linux Eus" | 7.6 Search vendor "Redhat" for product "Enterprise Linux Eus" and version "7.6" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "7.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 7.4 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "7.4" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 7.6 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "7.6" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Tus Search vendor "Redhat" for product "Enterprise Linux Server Tus" | 7.4 Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "7.4" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Tus Search vendor "Redhat" for product "Enterprise Linux Server Tus" | 7.6 Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "7.6" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "7.0" | - |
Affected
| ||||||