PT-2018-2758 · Linux · Linux Kernel
Vincent Pelletier · Published 2018-09-24 · Updated 2023-02-14 · CVE-2018-14633
CVSS v2.0: 8.3 (High)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:C
Name of the Vulnerable Software and Affected Versions
Linux kernel versions 3.10.x through 4.18.x
Description
The issue is in the chap_server_compute_md5() function in the iSCSI target code of the Linux kernel, which incorrectly checks memory access boundaries, leading to a buffer overflow. An unauthenticated remote attacker can exploit this to cause a denial of service or potentially gain access to protected information. The attack requires the iSCSI target to be enabled on the victim host. Depending on the compiler, compile flags, and hardware architecture used to build the target's code, the attack may lead to a system crash or possibly unauthorized access to data exported by the iSCSI target.
Recommendations
For Linux kernel versions 3.10.x, consider disabling the iSCSI target until a patch is available.
For Linux kernel versions 4.14.x, restrict access to the vulnerable chap_server_compute_md5() function to minimize the risk of exploitation.
For Linux kernel versions 4.18.x, avoid using the iSCSI target feature until the issue is resolved.
As a temporary workaround, consider disabling the iSCSI target feature on all vulnerable versions until a patch is available.
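One way to triage a host against the recommendations above, as an added example that is not part of the original advisory. It assumes the target is built as the `iscsi_target_mod` module and that the portal listens on the default TCP port 3260; the sample inputs are constructed. Distribution kernels backport fixes, so the version range is only a first filter.

```shell
#!/bin/sh
# Added example, not part of the advisory. Assumptions: the iSCSI target is the
# module iscsi_target_mod and its portal uses the default TCP port 3260.

# in_affected_range RELEASE: 0 if version is 3.10.x-4.18.x, 1 if not, 2 if unparseable
in_affected_range() {
    ver=${1%%-*}                          # drop the distro suffix after the first '-'
    case "$ver" in *.*) ;; *) return 2 ;; esac
    major=${ver%%.*}; rest=${ver#*.}; minor=${rest%%.*}
    for n in "$major" "$minor"; do
        case "$n" in ''|*[!0-9]*) return 2 ;; esac
    done
    if [ "$major" -eq 3 ] && [ "$minor" -ge 10 ]; then return 0; fi
    if [ "$major" -eq 4 ] && [ "$minor" -le 18 ]; then return 0; fi
    return 1
}

# target_module_loaded [FILE]: FILE is in /proc/modules format
target_module_loaded() {
    awk '$1 == "iscsi_target_mod" { f = 1 } END { exit !f }' "${1:-/proc/modules}"
}

# portal_listening [FILE]: FILE is in /proc/net/tcp format; 0CBC = 3260, 0A = LISTEN
portal_listening() {
    awk '$2 ~ /:0CBC$/ && $4 == "0A" { f = 1 } END { exit !f }' "${1:-/proc/net/tcp}"
}

# assess RELEASE [MODULES_FILE] [TCP_FILE]: prints one verdict word
assess() {
    rc=0; in_affected_range "$1" || rc=$?
    case $rc in
        1) echo "outside-range"; return 0 ;;
        2) echo "unknown-kernel"; return 0 ;;
    esac
    if ! target_module_loaded "$2"; then echo "target-not-loaded"
    elif portal_listening "$3"; then echo "exposed"
    else echo "target-loaded-no-portal"
    fi
}

# Constructed sample data, not captured from a real host.
tmp=$(mktemp -d)
printf '%s\n' 'iscsi_target_mod 290816 1 - Live 0x0000000000000000' > "$tmp/modules"
printf '%s\n' '  sl  local_address rem_address   st' \
    '   0: 00000000:0CBC 00000000:0000 0A' > "$tmp/tcp"
assess "3.10.0-1.example" "$tmp/modules" "$tmp/tcp"   # prints: exposed
```

On a live host, `assess "$(uname -r)"` reads `/proc/modules` and `/proc/net/tcp` directly; an IPv6-only portal would need `/proc/net/tcp6` passed as the third argument.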
Fix
DoS
Stack Overflow
Buffer Overflow
Memory Corruption
Related identifiers
Affected products
Alt Linux
CentOS
Linux Kernel
Red Hat
SUSE
Ubuntu