CVE-2018-1084 - Integer Overflow or Wraparound vulnerability in multiple products
Metric | Value |
---|---|
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | NONE |
Availability impact | HIGH |

Summary
corosync before version 2.4.4 is vulnerable to an integer overflow in exec/totemcrypto.c.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 11 |
OS | | 1 |
OS | | 1 |
OS | | 2 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Forced Integer Overflow: This attack forces an integer variable to go out of range. The integer variable is often used as an offset, such as the size of a memory allocation or similar. The attacker would typically control the value of such a variable and try to get it out of range. For instance, if the integer in question is incremented past the maximum possible value, it may wrap to become a very small or negative number, providing a very incorrect value that can lead to unexpected behavior. At worst, the attacker can execute arbitrary code.
Nessus
- NASL family: Amazon Linux Local Security Checks
- NASL id: AL2_ALAS-2018-1014.NASL
- description: Integer overflow in exec/totemcrypto.c:authenticate_nss_2_3() function An integer overflow leading to an out-of-bound read was found in authenticate_nss_2_3() in Corosync. An attacker could craft a malicious packet that would lead to a denial of service.(CVE-2018-1084)
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 109693
- published: 2018-05-11
- reporter: This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/109693
- title: Amazon Linux 2 : corosync (ALAS-2018-1014)
- code:

```
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux 2 Security Advisory ALAS-2018-1014.
#

include("compat.inc");

if (description)
{
  script_id(109693);
  script_version("1.5");
  script_cvs_date("Date: 2018/08/31 12:25:00");

  script_cve_id("CVE-2018-1084");
  script_xref(name:"ALAS", value:"2018-1014");
  script_xref(name:"IAVA", value:"2018-A-0127");

  script_name(english:"Amazon Linux 2 : corosync (ALAS-2018-1014)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Amazon Linux 2 host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Integer overflow in exec/totemcrypto.c:authenticate_nss_2_3() function An integer overflow leading to an out-of-bound read was found in authenticate_nss_2_3() in Corosync. An attacker could craft a malicious packet that would lead to a denial of service.(CVE-2018-1084)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://alas.aws.amazon.com/AL2/ALAS-2018-1014.html"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Run 'yum update corosync' to update your system."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:corosync");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:corosync-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:corosync-qdevice");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:corosync-qnetd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:corosynclib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:corosynclib-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2");

  script_set_attribute(attribute:"patch_publication_date", value:"2018/05/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/05/11");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Amazon Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "2")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux 2", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;
if (rpm_check(release:"AL2", cpu:"x86_64", reference:"corosync-2.4.3-2.amzn2.1")) flag++;
if (rpm_check(release:"AL2", cpu:"x86_64", reference:"corosync-debuginfo-2.4.3-2.amzn2.1")) flag++;
if (rpm_check(release:"AL2", cpu:"x86_64", reference:"corosync-qdevice-2.4.3-2.amzn2.1")) flag++;
if (rpm_check(release:"AL2", cpu:"x86_64", reference:"corosync-qnetd-2.4.3-2.amzn2.1")) flag++;
if (rpm_check(release:"AL2", cpu:"x86_64", reference:"corosynclib-2.4.3-2.amzn2.1")) flag++;
if (rpm_check(release:"AL2", cpu:"x86_64", reference:"corosynclib-devel-2.4.3-2.amzn2.1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "corosync / corosync-debuginfo / corosync-qdevice / corosync-qnetd / etc");
}
```

- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2018-D87E29047D.NASL
- description: New upstream release with security fix for CVE-2018-1084 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-05
- modified: 2018-04-20
- plugin id: 109189
- published: 2018-04-20
- reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/109189
- title: Fedora 26 : corosync (2018-d87e29047d)

- NASL family: CentOS Local Security Checks
- NASL id: CENTOS_RHSA-2018-1169.NASL
- description: An update for corosync is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The corosync packages provide the Corosync Cluster Engine and C APIs for Red Hat Enterprise Linux cluster software. Security Fix(es) : * corosync: Integer overflow in exec/totemcrypto.c:authenticate_nss_2_3() function (CVE-2018-1084) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Citrix Security Response Team for reporting this issue.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 110239
- published: 2018-05-31
- reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/110239
- title: CentOS 7 : corosync (CESA-2018:1169)

- NASL family: Scientific Linux Local Security Checks
- NASL id: SL_20180417_COROSYNC_ON_SL7_X.NASL
- description: Security Fix(es) : - corosync: Integer overflow in exec/totemcrypto.c:authenticate_nss_2_3() function (CVE-2018-1084)
- last seen: 2020-03-18
- modified: 2018-05-01
- plugin id: 109460
- published: 2018-05-01
- reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/109460
- title: Scientific Linux Security Update : corosync on SL7.x x86_64 (20180417)

- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2018-B0253649BE.NASL
- description: New upstream release with security fix for CVE-2018-1084 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-05
- modified: 2018-04-19
- plugin id: 109151
- published: 2018-04-19
- reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/109151
- title: Fedora 27 : corosync (2018-b0253649be)

- NASL family: Debian Local Security Checks
- NASL id: DEBIAN_DSA-4174.NASL
- description: The Citrix Security Response Team discovered that corosync, a cluster engine implementation, allowed an unauthenticated user to cause a denial-of-service by application crash.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 109092
- published: 2018-04-18
- reporter: This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/109092
- title: Debian DSA-4174-1 : corosync - security update

- NASL family: Oracle Linux Local Security Checks
- NASL id: ORACLELINUX_ELSA-2018-1169.NASL
- description: From Red Hat Security Advisory 2018:1169 : An update for corosync is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The corosync packages provide the Corosync Cluster Engine and C APIs for Red Hat Enterprise Linux cluster software. Security Fix(es) : * corosync: Integer overflow in exec/totemcrypto.c:authenticate_nss_2_3() function (CVE-2018-1084) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Citrix Security Response Team for reporting this issue.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 109439
- published: 2018-05-01
- reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/109439
- title: Oracle Linux 7 : corosync (ELSA-2018-1169)

- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2018-12DA088117.NASL
- description: New upstream release with security fix for CVE-2018-1084 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-05
- modified: 2019-01-03
- plugin id: 120244
- published: 2019-01-03
- reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/120244
- title: Fedora 28 : corosync (2018-12da088117)

- NASL family: Ubuntu Local Security Checks
- NASL id: UBUNTU_USN-4000-1.NASL
- description: It was discovered that Corosync incorrectly handled certain requests. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 125623
- published: 2019-05-31
- reporter: Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/125623
- title: Ubuntu 16.04 LTS / 18.04 LTS : corosync vulnerability (USN-4000-1)

- NASL family: SuSE Local Security Checks
- NASL id: OPENSUSE-2018-417.NASL
- description: This update for corosync fixes the following issues :
  - CVE-2018-1084: Integer overflow in totemcrypto:authenticate_nss_2_3() could lead to command execution (bsc#1089346)
  - Providing an empty uid or gid results in coroparse adding uid 0. (bsc#1066585)
  - Fix a problem with configuration file incompatibilities that was causing corosync to not work after upgrading from SLE-11-SP4-HA to SLE-12/15-HA. (bsc#1083561)

  This update was imported from the SUSE:SLE-12-SP3:Update update project.
- last seen: 2020-06-05
- modified: 2018-05-03
- plugin id: 109541
- published: 2018-05-03
- reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/109541
- title: openSUSE Security Update : corosync (openSUSE-2018-417)

- NASL family: NewStart CGSL Local Security Checks
- NASL id: NEWSTART_CGSL_NS-SA-2019-0046_COROSYNC.NASL
- description: The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has corosync packages installed that are affected by a vulnerability: - An integer overflow leading to an out-of-bound read was found in authenticate_nss_2_3() in Corosync. An attacker could craft a malicious packet that would lead to a denial of service. (CVE-2018-1084) Note that Nessus has not tested for this issue but has instead relied only on the application
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 127226
- published: 2019-08-12
- reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/127226
- title: NewStart CGSL CORE 5.04 / MAIN 5.04 : corosync Vulnerability (NS-SA-2019-0046)

- NASL family: Red Hat Local Security Checks
- NASL id: REDHAT-RHSA-2018-1169.NASL
- description: An update for corosync is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The corosync packages provide the Corosync Cluster Engine and C APIs for Red Hat Enterprise Linux cluster software. Security Fix(es) : * corosync: Integer overflow in exec/totemcrypto.c:authenticate_nss_2_3() function (CVE-2018-1084) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Citrix Security Response Team for reporting this issue.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 109117
- published: 2018-04-18
- reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/109117
- title: RHEL 7 : corosync (RHSA-2018:1169)