Unknown
CVE-2018-14633
CVE-2018-14633
Description
A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target’s code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. Kernel versions 4.18.x, 4.14.x and 3.10.x are believed to be vulnerable.
Add Assessment
No one has assessed this topic. Be the first to add your voice to the community.
CVSS V3 Severity and Metrics
General Information
Vendors
- canonical,
- debian,
- linux,
- redhat
Products
- debian linux 8.0,
- debian linux 9.0,
- enterprise linux eus 7.4,
- enterprise linux eus 7.6,
- enterprise linux server 7.0,
- enterprise linux server aus 7.4,
- enterprise linux server aus 7.6,
- enterprise linux server tus 7.4,
- enterprise linux server tus 7.6,
- enterprise linux workstation 7.0,
- linux kernel,
- ubuntu linux 12.04,
- ubuntu linux 14.04,
- ubuntu linux 16.04,
- ubuntu linux 18.04
References
Advisory
Miscellaneous
