Bug 1626035 (CVE-2018-14633)
| Summary: | CVE-2018-14633 kernel: stack-based buffer overflow in chap_server_compute_md5() in iscsi target | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Vladis Dronov <vdronov> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | 631069724, acaringi, airlied, bhu, blc, brdeoliv, bskeggs, dhoward, dvlasenk, ewk, fhrbata, hdegoede, hkrzesin, hwkernel-mgr, iboverma, ichavero, itamar, jarodwilson, jforbes, jglisse, jkacur, john.j5live, jonathan, josef, jross, jstancek, jwboyer, kernel-maint, kernel-mgr, labbott, lgoncalv, linville, matt, mchehab, mcressma, mjg59, mlangsdo, mmilgram, nmurray, plougher, rt-maint, rvrbovsk, security-response-team, steved, williams |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: |
A flaw was found in the ISCSI target code in the Linux kernel. The flaw allows an unauthenticated, remote attacker to cause a stack buffer overflow of 17 bytes of the stack. Depending on how the kernel was compiled (e.g. compiler, compile flags, and hardware architecture), the attack may lead to a system crash or access to data exported by an iSCSI target. Privilege escalation cannot be ruled out. The highest threat from this vulnerability is to system availability.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2019-06-10 10:37:33 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1627034, 1627035, 1627037, 1627038, 1632184, 1632185, 1634711, 1640716, 1695812, 1695813 | ||
| Bug Blocks: | 1619500 | ||
|
Description
Vladis Dronov
2018-09-06 12:46:18 UTC
Acknowledgments: Name: Vincent Pelletier Note: The current kernels as shipped in the Red Hat's products are not vulnerable to this flaw due to certain layout of local variables on the stack of the chap_server_compute_md5() function. Namely, this buffer overflow does not overwrite anything meaningful and so does not make a security impact. Nevertheless, this may not be true for the future kernel versions. For this reason this flaw is rated as Moderate and is planned to be fixed in the future versions of the Red Hat's product. Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1632185] kernel-4.18.10-100.fc27, kernel-headers-4.18.10-100.fc27, kernel-tools-4.18.10-100.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report. This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2018:3651 https://access.redhat.com/errata/RHSA-2018:3651 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2018:3666 https://access.redhat.com/errata/RHSA-2018:3666 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.4 Extended Update Support Via RHSA-2019:1946 https://access.redhat.com/errata/RHSA-2019:1946 |