SUSE update for librelp
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2018-1000140 |
| CWE-ID | CWE-121 |
| Exploitation vector | Network |
| Public exploit | Vulnerability #1 is being exploited in the wild. |
| Vulnerable software |
SUSE OpenStack Cloud Crowbar Operating systems & Components / Operating system SUSE Linux Enterprise Software Development Kit Operating systems & Components / Operating system SUSE Linux Enterprise Server for SAP Operating systems & Components / Operating system HPE Helion Openstack Operating systems & Components / Operating system SUSE Linux Enterprise Server for SAP Applications Operating systems & Components / Operating system SUSE Linux Enterprise Server Operating systems & Components / Operating system SUSE OpenStack Cloud Operating systems & Components / Operating system librelp-devel Operating systems & Components / Operating system package or component librelp0-debuginfo Operating systems & Components / Operating system package or component librelp0 Operating systems & Components / Operating system package or component librelp-debugsource Operating systems & Components / Operating system package or component |
| Vendor | SUSE |
Security Bulletin
This security bulletin contains one high risk vulnerability.
1) Stack-based buffer overflow
EUVDB-ID: #VU11306
Risk: High
CVSSv4.0: 9.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber]
CVE-ID: CVE-2018-1000140
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote unauthenticated attacker to execute arbitrary code on the target system.
The weakness exists in the relpTcpChkPeerName function due to insufficient validation of X.509 certificates and improper checks on the return value. A remote attacker can send a specially crafted X.509 certificate, trigger stack-based buffer overflow and execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
Update the affected package librelp to the latest version.
Vulnerable software versionsSUSE OpenStack Cloud Crowbar: 8 - 9
SUSE Linux Enterprise Software Development Kit: 12-SP5
SUSE Linux Enterprise Server for SAP: 12-SP3 - 12-SP4
HPE Helion Openstack: 8
SUSE Linux Enterprise Server for SAP Applications: 12-SP5
SUSE Linux Enterprise Server: 12-SP3-LTSS - 12-SP5
SUSE OpenStack Cloud: 8 - 9
librelp-devel: before 1.2.15-3.6.3
librelp0-debuginfo: before 1.2.15-3.6.3
librelp0: before 1.2.15-3.6.3
librelp-debugsource: before 1.2.15-3.6.3
CPE2.3- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:8:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud_crowbar:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_software_development_kit:12-SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap:12-SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:hpe_helion_openstack:8:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications:12-SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP3-BCL:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12-SP4-LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_openstack_cloud:8:*:*:*:*:*:*:*
- cpe:2.3:o:suse:librelp-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:librelp0-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:librelp0:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:o:suse:librelp-debugsource:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20221891-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
