CVE-2019-18904
Migrations requests can cause DoS on rmt
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
A Uncontrolled Resource Consumption vulnerability in rmt of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Public Cloud 15-SP1, SUSE Linux Enterprise Module for Server Applications 15, SUSE Linux Enterprise Module for Server Applications 15-SP1, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1 allows remote attackers to cause DoS against rmt by requesting migrations. This issue affects: SUSE Linux Enterprise High Performance Computing 15-ESPOS rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise High Performance Computing 15-LTSS rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise Module for Public Cloud 15-SP1 rmt-server versions prior to 2.5.2-3.9.1. SUSE Linux Enterprise Module for Server Applications 15 rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise Module for Server Applications 15-SP1 rmt-server versions prior to 2.5.2-3.9.1. SUSE Linux Enterprise Server 15-LTSS rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise Server for SAP 15 rmt-server versions prior to 2.5.2-3.26.1. openSUSE Leap 15.1 rmt-server versions prior to 2.5.2-lp151.2.9.1.
Una vulnerabilidad de Consumo de Recursos No Controlados en rmt de SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Public Cloud 15-SP1, SUSE Linux Enterprise Module for Server Applications 15, SUSE Linux Enterprise Module for Server Applications 15-SP1, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, permite a atacantes remotos causar una DoS contra rmt al solicitar migraciones. Este problema afecta a: rmt-server de SUSE Linux Enterprise High Performance Computing 15-ESPOS versiones anteriores a 2.5.2-3.26.1. rmt-server de SUSE Linux Enterprise High Performance Computing 15-LTSS versiones anteriores a 2.5.2-3.26.1. rmt-server de SUSE Linux Enterprise Module for Public Cloud 15-SP1 versiones anteriores a 2.5.2-3.9.1. rmt-server de SUSE Linux Enterprise Module for Server Applications 15 versiones anteriores a 2.5.2-3.26.1. rmt-server de SUSE Linux Enterprise Module for Server Applications 15-SP1 versiones anteriores a 2.5.2-3.9.1. rmt-server de SUSE Linux Enterprise Server 15-LTSS versiones anteriores a 2.5.2-3.26.1. rmt-server de SUSE Linux Enterprise Server for SAP 15 versiones anteriores a 2.5.2-3.26.1. rmt-server de openSUSE Leap 15.1 versiones anteriores a 2.5.2-lp151.2.9.1.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-11-12 CVE Reserved
- 2020-04-03 CVE Published
- 2023-03-07 EPSS Updated
- 2024-09-16 CVE Updated
- 2024-09-16 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-400: Uncontrolled Resource Consumption
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|---|---|
https://bugzilla.suse.com/show_bug.cgi?id=1160922 | 2024-09-16 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Opensuse Search vendor "Opensuse" | Rmt-server Search vendor "Opensuse" for product "Rmt-server" | <= 2.5.2-3.26.1 Search vendor "Opensuse" for product "Rmt-server" and version " <= 2.5.2-3.26.1" | - |
Affected
| in | Suse Search vendor "Suse" | Linux Enterprise High Performance Computing Search vendor "Suse" for product "Linux Enterprise High Performance Computing" | 15.0 Search vendor "Suse" for product "Linux Enterprise High Performance Computing" and version "15.0" | espos |
Safe
|
Opensuse Search vendor "Opensuse" | Rmt-server Search vendor "Opensuse" for product "Rmt-server" | <= 2.5.2-3.26.1 Search vendor "Opensuse" for product "Rmt-server" and version " <= 2.5.2-3.26.1" | - |
Affected
| in | Suse Search vendor "Suse" | Linux Enterprise High Performance Computing Search vendor "Suse" for product "Linux Enterprise High Performance Computing" | 15.0 Search vendor "Suse" for product "Linux Enterprise High Performance Computing" and version "15.0" | ltss |
Safe
|
Opensuse Search vendor "Opensuse" | Rmt-server Search vendor "Opensuse" for product "Rmt-server" | <= 2.5.2-3.26.1 Search vendor "Opensuse" for product "Rmt-server" and version " <= 2.5.2-3.26.1" | - |
Affected
| in | Suse Search vendor "Suse" | Linux Enterprise Server Search vendor "Suse" for product "Linux Enterprise Server" | 15 Search vendor "Suse" for product "Linux Enterprise Server" and version "15" | - |
Safe
|
Opensuse Search vendor "Opensuse" | Rmt-server Search vendor "Opensuse" for product "Rmt-server" | <= 2.5.2-3.26.1 Search vendor "Opensuse" for product "Rmt-server" and version " <= 2.5.2-3.26.1" | - |
Affected
| in | Suse Search vendor "Suse" | Linux Enterprise Server Search vendor "Suse" for product "Linux Enterprise Server" | 15 Search vendor "Suse" for product "Linux Enterprise Server" and version "15" | ltss |
Safe
|
Opensuse Search vendor "Opensuse" | Rmt-server Search vendor "Opensuse" for product "Rmt-server" | <= 2.5.2-3.26.1 Search vendor "Opensuse" for product "Rmt-server" and version " <= 2.5.2-3.26.1" | - |
Affected
| in | Suse Search vendor "Suse" | Linux Enterprise Server Search vendor "Suse" for product "Linux Enterprise Server" | 15 Search vendor "Suse" for product "Linux Enterprise Server" and version "15" | sap |
Safe
|
Opensuse Search vendor "Opensuse" | Rmt-server Search vendor "Opensuse" for product "Rmt-server" | <= 2.5.2-3.9.1 Search vendor "Opensuse" for product "Rmt-server" and version " <= 2.5.2-3.9.1" | - |
Affected
| in | Suse Search vendor "Suse" | Linux Enterprise Search vendor "Suse" for product "Linux Enterprise" | 15.0 Search vendor "Suse" for product "Linux Enterprise" and version "15.0" | sp1, public_cloud |
Safe
|
Opensuse Search vendor "Opensuse" | Rmt-server Search vendor "Opensuse" for product "Rmt-server" | <= 2.5.2-3.9.1 Search vendor "Opensuse" for product "Rmt-server" and version " <= 2.5.2-3.9.1" | - |
Affected
| in | Suse Search vendor "Suse" | Linux Enterprise Server Search vendor "Suse" for product "Linux Enterprise Server" | 15 Search vendor "Suse" for product "Linux Enterprise Server" and version "15" | sp1 |
Safe
|
Opensuse Search vendor "Opensuse" | Rmt-server Search vendor "Opensuse" for product "Rmt-server" | <= 2.5.2-lp151.2.9.1 Search vendor "Opensuse" for product "Rmt-server" and version " <= 2.5.2-lp151.2.9.1" | - |
Affected
| in | Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 15.1 Search vendor "Opensuse" for product "Leap" and version "15.1" | - |
Safe
|