Summaryinfo

A vulnerability marked as critical has been reported in Linux Kernel 3.10.x/4.14.x/4.18.x. This affects the function chap_server_compute_md5 of the component ISCSI Target Code. This manipulation causes memory corruption. The identification of this vulnerability is CVE-2018-14633. It is possible to initiate the attack remotely. There is no exploit available. It is suggested to upgrade the affected component.

Detailsinfo

A vulnerability has been found in Linux Kernel 3.10.x/4.14.x/4.18.x (Operating System) and classified as critical. Affected by this vulnerability is the function chap_server_compute_md5 of the component ISCSI Target Code. The manipulation with an unknown input leads to a memory corruption vulnerability. The CWE definition for the vulnerability is CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. As an impact it is known to affect confidentiality, integrity, and availability. The summary by CVE is:

A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. Kernel versions 4.18.x, 4.14.x and 3.10.x are believed to be vulnerable.

The bug was discovered 09/24/2018. The weakness was shared 09/25/2018 as confirmed bug report (Bugzilla). The advisory is shared at bugzilla.redhat.com. This vulnerability is known as CVE-2018-14633 since 07/27/2018. The attack can be launched remotely. The exploitation doesn't need any form of authentication. Technical details are known, but no exploit is available.

The vulnerability scanner Nessus provides a plugin with the ID 117862 (Debian DSA-4308-1 : linux - security update), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Debian Local Security Checks and running in the context l. The commercial vulnerability scanner Qualys is able to test this issue with plugin 171709 (SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2018:3746-1)).

Upgrading eliminates this vulnerability. A possible mitigation has been published 7 days after the disclosure of the vulnerability.

The vulnerability is also documented in the databases at Tenable (117862) and SecurityFocus (BID 105388†). The entries VDB-99009, VDB-109136, VDB-110475 and VDB-120206 are related to this item. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Productinfo

Type

• Operating System

Vendor

• Linux

Name

• Kernel

Version

• 3.10.x
• 4.14.x
• 4.18.x

License

• open-source

Website

• Vendor: https://www.kernel.org/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion