PT-2020-10012 · Suse+1 · Suse Linux Enterprise High Performance Computing 15-Ltss+8

Ivan Kapelyukhin

·

Published

2020-01-30

·

Updated

2024-06-15

·

CVE-2019-18904

CVSS v3.1

7.5

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions SUSE Linux Enterprise High Performance Computing 15-ESPOS rmt-server versions prior to 2.5.2-3.26.1 SUSE Linux Enterprise High Performance Computing 15-LTSS rmt-server versions prior to 2.5.2-3.26.1 SUSE Linux Enterprise Module for Public Cloud 15-SP1 rmt-server versions prior to 2.5.2-3.9.1 SUSE Linux Enterprise Module for Server Applications 15 rmt-server versions prior to 2.5.2-3.26.1 SUSE Linux Enterprise Module for Server Applications 15-SP1 rmt-server versions prior to 2.5.2-3.9.1 SUSE Linux Enterprise Server 15-LTSS rmt-server versions prior to 2.5.2-3.26.1 SUSE Linux Enterprise Server for SAP 15 rmt-server versions prior to 2.5.2-3.26.1 openSUSE Leap 15.1 rmt-server versions prior to 2.5.2-lp151.2.9.1
Description A Uncontrolled Resource Consumption vulnerability in rmt allows remote attackers to cause DoS against rmt by requesting migrations.
Recommendations Update SUSE Linux Enterprise High Performance Computing 15-ESPOS rmt-server to version 2.5.2-3.26.1 or later. Update SUSE Linux Enterprise High Performance Computing 15-LTSS rmt-server to version 2.5.2-3.26.1 or later. Update SUSE Linux Enterprise Module for Public Cloud 15-SP1 rmt-server to version 2.5.2-3.9.1 or later. Update SUSE Linux Enterprise Module for Server Applications 15 rmt-server to version 2.5.2-3.26.1 or later. Update SUSE Linux Enterprise Module for Server Applications 15-SP1 rmt-server to version 2.5.2-3.9.1 or later. Update SUSE Linux Enterprise Server 15-LTSS rmt-server to version 2.5.2-3.26.1 or later. Update SUSE Linux Enterprise Server for SAP 15 rmt-server to version 2.5.2-3.26.1 or later. Update openSUSE Leap 15.1 rmt-server to version 2.5.2-lp151.2.9.1 or later.

Exploit

Fix

DoS

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-400

Related Identifiers

CVE-2019-18904
OPENSUSE-SU-2020:0235-1
OPENSUSE-SU-2020_0235-1
OPENSUSE-SU-2024:10589-1
SUSE-SU-2020:0260-1
SUSE-SU-2020:0278-1
SUSE-SU-2020:1179-1
SUSE-SU-2020_0260-1
SUSE-SU-2020_0278-1
SUSE-SU-2020_1179-1

Affected Products

Suse Linux Enterprise High Performance Computing 15-Espos
Suse Linux Enterprise High Performance Computing 15-Ltss
Suse Linux Enterprise Module For Public Cloud 15-Sp1
Suse Linux Enterprise Module For Server Applications 15
Suse Linux Enterprise Module For Server Applications 15-Sp1
Suse Linux Enterprise Server 15
Suse Linux Enterprise Server For Sap 15
Suse
Opensuse Leap 15.1