Lucene search

K
ubuntucveUbuntu.comUB:CVE-2018-14633
HistorySep 24, 2018 - 12:00 a.m.

CVE-2018-14633

2018-09-2400:00:00
ubuntu.com
ubuntu.com
36

CVSS2

8.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:P/I:P/A:C

CVSS3

7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

EPSS

0.007

Percentile

80.9%

A security flaw was found in the chap_server_compute_md5() function in the
ISCSI target code in the Linux kernel in a way an authentication request
from an ISCSI initiator is processed. An unauthenticated remote attacker
can cause a stack buffer overflow and smash up to 17 bytes of the stack.
The attack requires the iSCSI target to be enabled on the victim host.
Depending on how the target’s code was built (i.e. depending on a compiler,
compile flags and hardware architecture) an attack may lead to a system
crash and thus to a denial-of-service or possibly to a non-authorized
access to data exported by an iSCSI target. Due to the nature of the flaw,
privilege escalation cannot be fully ruled out, although we believe it is
highly unlikely. Kernel versions 4.18.x, 4.14.x and 3.10.x are believed to
be vulnerable.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchlinux< 4.15.0-36.39UNKNOWN
ubuntu14.04noarchlinux< 3.13.0-160.210UNKNOWN
ubuntu16.04noarchlinux< 4.4.0-137.163UNKNOWN
ubuntu18.04noarchlinux-aws< 4.15.0-1023.23UNKNOWN
ubuntu14.04noarchlinux-aws< 4.4.0-1031.34UNKNOWN
ubuntu16.04noarchlinux-aws< 4.4.0-1069.79UNKNOWN
ubuntu18.04noarchlinux-azure< 4.15.0-1025.26UNKNOWN
ubuntu14.04noarchlinux-azure< 4.15.0-1030.31~14.04.1UNKNOWN
ubuntu16.04noarchlinux-azure< 4.15.0-1025.26~16.04.1UNKNOWN
ubuntu16.04noarchlinux-azure-edge< 4.15.0-1025.26UNKNOWN
Rows per page:
1-10 of 211

CVSS2

8.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:P/I:P/A:C

CVSS3

7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

EPSS

0.007

Percentile

80.9%