Vulnerability Details : CVE-2018-14633
A security flaw was found in the chap_server_compute_md5() function in the iSCSI target code in the Linux kernel, in the way an authentication request from an iSCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on the compiler, compile flags and hardware architecture), an attack may lead to a system crash and thus to a denial of service, or possibly to unauthorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. Kernel versions 4.18.x, 4.14.x and 3.10.x are believed to be vulnerable.
Vulnerability category: Overflow, Memory Corruption, Gain privilege, Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2018-14633
Probability of exploitation activity in the next 30 days: 1.70%
Percentile, the proportion of vulnerabilities that are scored at or less: ~86%
CVSS scores for CVE-2018-14633
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
---|---|---|---|---|---|
8.3 | HIGH | AV:N/AC:M/Au:N/C:P/I:P/A:C | 8.6 | 8.5 | [email protected] |
7.0 | HIGH | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H | 2.2 | 4.7 | [email protected] |
7.0 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H | 2.2 | 4.7 | [email protected] |
CWE ids for CVE-2018-14633
- A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). Assigned by: [email protected] (Primary)
- The product writes data past the end, or before the beginning, of the intended buffer. Assigned by: [email protected] (Secondary)
References for CVE-2018-14633
- https://access.redhat.com/errata/RHSA-2018:3666 (Third Party Advisory)
- http://www.securityfocus.com/bid/105388 (Third Party Advisory; VDB Entry)
- https://www.debian.org/security/2018/dsa-4308 (Third Party Advisory)
- https://usn.ubuntu.com/3775-1/ (Third Party Advisory)
- https://usn.ubuntu.com/3777-3/ (Third Party Advisory)
- https://usn.ubuntu.com/3779-1/ (Third Party Advisory)
- https://seclists.org/oss-sec/2018/q3/270 (Mailing List; Third Party Advisory)
- https://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git/commit/?h=4.19/scsi-fixes&id=8c39e2699f8acb2e29782a834e56306da24937fe (Patch; Vendor Advisory)
- https://usn.ubuntu.com/3777-2/ (Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html (Mailing List; Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2019:1946 (Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14633 (Issue Tracking; Patch; Third Party Advisory)
- https://usn.ubuntu.com/3776-1/ (Third Party Advisory)
- https://usn.ubuntu.com/3777-1/ (Third Party Advisory)
- https://usn.ubuntu.com/3776-2/ (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2018:3651 (Third Party Advisory)
- https://usn.ubuntu.com/3775-2/ (Third Party Advisory)
- https://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git/commit/?h=4.19/scsi-fixes&id=1816494330a83f2a064499d8ed2797045641f92c (Patch; Vendor Advisory)
Products affected by CVE-2018-14633
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*