Vulnerability CVE-2018-14633: Information

Description

A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. Kernel versions 4.18.x, 4.14.x and 3.10.x are believed to be vulnerable.

Severity: HIGH (7.0) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2018-14633
Published: Sept. 25, 2018
Modified: Feb. 15, 2023
Error type identifier: CWE-121

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
kernel-image-mpsisyphus4.18.12-alt16.8.4-alt1ALT-PU-2018-2420-1214125Fixed
kernel-image-mpp104.18.12-alt16.1.19-alt1ALT-PU-2018-2420-1214125Fixed
kernel-image-mpp94.18.12-alt15.12.16-alt1ALT-PU-2018-2420-1214125Fixed
kernel-image-mpc9f24.18.12-alt15.7.16-alt1ALT-PU-2018-2420-1214125Fixed
kernel-image-std-defsisyphus4.14.76-alt16.1.87-alt1ALT-PU-2018-2502-1214987Fixed
kernel-image-std-defp104.14.76-alt15.10.213-alt1ALT-PU-2018-2502-1214987Fixed
kernel-image-std-defp94.14.76-alt15.4.274-alt1ALT-PU-2018-2502-1214987Fixed
kernel-image-std-defp84.9.131-alt0.M80P.14.9.337-alt0.M80P.1ALT-PU-2018-2441-1214064Fixed
kernel-image-std-defc9f24.14.76-alt15.10.214-alt0.c9f.2ALT-PU-2018-2502-1214987Fixed
kernel-image-std-defc74.4.183-alt0.M70C.14.4.277-alt0.M70C.1ALT-PU-2019-2175-1233233Fixed
kernel-image-std-paep84.4.159-alt0.M80P.14.4.159-alt0.M80P.1ALT-PU-2018-2446-1213838Fixed
kernel-image-std-paec9f24.4.159-alt14.19.72-alt1ALT-PU-2018-2412-1213835Fixed
kernel-image-un-defsisyphus4.18.11-alt16.6.28-alt1ALT-PU-2018-2408-1213831Fixed
kernel-image-un-defp104.18.11-alt16.1.85-alt1ALT-PU-2018-2408-1213831Fixed
kernel-image-un-defp94.18.11-alt15.10.215-alt1ALT-PU-2018-2408-1213831Fixed
kernel-image-un-defp84.14.74-alt0.M80P.14.19.310-alt0.M80P.1ALT-PU-2018-2438-1214063Fixed
kernel-image-un-defc10f14.18.11-alt16.1.85-alt0.c10f.1ALT-PU-2018-2408-1213831Fixed
kernel-image-un-defc9f24.18.11-alt15.10.29-alt2ALT-PU-2018-2408-1213831Fixed
kernel-image-un-defc74.9.277-alt0.M70C.14.9.277-alt0.M70C.1ALT-PU-2021-3032-1281292Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://seclists.org/oss-sec/2018/q3/270
  • Mailing List
  • Third Party Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git/commit/?h=4.19/scsi-fixes&id=8c39e2699f8acb2e29782a834e56306da24937fe
  • Patch
  • Vendor Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git/commit/?h=4.19/scsi-fixes&id=1816494330a83f2a064499d8ed2797045641f92c
  • Patch
  • Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14633
  • Issue Tracking
  • Patch
  • Third Party Advisory
105388
  • Third Party Advisory
  • VDB Entry
DSA-4308
  • Third Party Advisory
USN-3777-2
  • Third Party Advisory
USN-3777-1
  • Third Party Advisory
USN-3776-2
  • Third Party Advisory
USN-3776-1
  • Third Party Advisory
USN-3775-2
  • Third Party Advisory
USN-3779-1
  • Third Party Advisory
USN-3775-1
  • Third Party Advisory
[debian-lts-announce] 20181003 [SECURITY] [DLA 1531-1] linux-4.9 security update
  • Mailing List
  • Third Party Advisory
USN-3777-3
  • Third Party Advisory
RHSA-2018:3666
  • Third Party Advisory
RHSA-2018:3651
  • Third Party Advisory
RHSA-2019:1946
  • Third Party Advisory

    1. Configuration 1

      cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
      Start including
      3.1
      End excliding
      3.16.59
      cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
      Start including
      3.17
      End excliding
      3.18.124
      cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
      Start including
      3.19
      End excliding
      4.4.159
      cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
      Start including
      4.5
      End excliding
      4.9.130
      cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
      Start including
      4.10
      End excliding
      4.14.73
      cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
      Start including
      4.15
      End excliding
      4.18.11

      Configuration 2

      cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
      cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
      cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
      cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
      cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
      cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

      Configuration 3

      cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.4.2
Back to top