CVE - CVE-2018-14633

CVE-ID
CVE-2018-14633	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. Kernel versions 4.18.x, 4.14.x and 3.10.x are believed to be vulnerable.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:105388 URL:http://www.securityfocus.com/bid/105388 MISC:DSA-4308 URL:https://www.debian.org/security/2018/dsa-4308 MISC:RHSA-2018:3651 URL:https://access.redhat.com/errata/RHSA-2018:3651 MISC:RHSA-2018:3666 URL:https://access.redhat.com/errata/RHSA-2018:3666 MISC:RHSA-2019:1946 URL:https://access.redhat.com/errata/RHSA-2019:1946 MISC:USN-3775-1 URL:https://usn.ubuntu.com/3775-1/ MISC:USN-3775-2 URL:https://usn.ubuntu.com/3775-2/ MISC:USN-3776-1 URL:https://usn.ubuntu.com/3776-1/ MISC:USN-3776-2 URL:https://usn.ubuntu.com/3776-2/ MISC:USN-3777-1 URL:https://usn.ubuntu.com/3777-1/ MISC:USN-3777-2 URL:https://usn.ubuntu.com/3777-2/ MISC:USN-3777-3 URL:https://usn.ubuntu.com/3777-3/ MISC:USN-3779-1 URL:https://usn.ubuntu.com/3779-1/ MISC:[debian-lts-announce] 20181003 [SECURITY] [DLA 1531-1] linux-4.9 security update URL:https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html MISC:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14633 URL:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14633 MISC:https://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git/commit/?h=4.19/scsi-fixes&id=1816494330a83f2a064499d8ed2797045641f92c URL:https://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git/commit/?h=4.19/scsi-fixes&id=1816494330a83f2a064499d8ed2797045641f92c MISC:https://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git/commit/?h=4.19/scsi-fixes&id=8c39e2699f8acb2e29782a834e56306da24937fe URL:https://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git/commit/?h=4.19/scsi-fixes&id=8c39e2699f8acb2e29782a834e56306da24937fe MISC:https://seclists.org/oss-sec/2018/q3/270 URL:https://seclists.org/oss-sec/2018/q3/270
Assigning CNA
Red Hat, Inc.
Date Record Created
20180727	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20180727)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)