ID CVE-2018-1084
Summary corosync before version 2.4.4 is vulnerable to an integer overflow in exec/totemcrypto.c.
References
Vulnerable Configurations
  • Corosync 2.3.0
    cpe:2.3:a:corosync:corosync:2.3.0
  • Debian Linux 9.0
    cpe:2.3:o:debian:debian_linux:9.0
  • RedHat Enterprise Linux Server 7.0
    cpe:2.3:o:redhat:enterprise_linux_server:7.0
  • Canonical Ubuntu Linux 16.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:16.04:-:-:-:lts
  • Canonical Ubuntu Linux 18.04 LTS Edition
    cpe:2.3:o:canonical:ubuntu_linux:18.04:-:-:-:lts
CVSS
Base: 7.5
Impact:
Exploitability:
CWE CWE-190
CAPEC
  • Forced Integer Overflow
    This attack forces an integer variable to go out of range. The integer variable is often used as an offset or as the size of a memory allocation. The attacker would typically control the value of such a variable and try to get it out of range. For instance, if the integer in question is incremented past the maximum possible value, it may wrap to become a very small or negative number, providing an incorrect value that can lead to unexpected behavior. At worst the attacker can execute arbitrary code.
nessus via4
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2018-1169.NASL
    description An update for corosync is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The corosync packages provide the Corosync Cluster Engine and C APIs for Red Hat Enterprise Linux cluster software. Security Fix(es) : * corosync: Integer overflow in exec/totemcrypto.c:authenticate_nss_2_3() function (CVE-2018-1084) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Citrix Security Response Team for reporting this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 110239
    published 2018-05-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110239
    title CentOS 7 : corosync (CESA-2018:1169)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20180417_COROSYNC_ON_SL7_X.NASL
    description Security Fix(es) : - corosync: Integer overflow in exec/totemcrypto.c:authenticate_nss_2_3() function (CVE-2018-1084)
    last seen 2019-02-21
    modified 2018-12-27
    plugin id 109460
    published 2018-05-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109460
    title Scientific Linux Security Update : corosync on SL7.x x86_64
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-B0253649BE.NASL
    description New upstream release with security fix for CVE-2018-1084. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-09-05
    plugin id 109151
    published 2018-04-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109151
    title Fedora 27 : corosync (2018-b0253649be)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-1169.NASL
    description An update for corosync is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The corosync packages provide the Corosync Cluster Engine and C APIs for Red Hat Enterprise Linux cluster software. Security Fix(es) : * corosync: Integer overflow in exec/totemcrypto.c:authenticate_nss_2_3() function (CVE-2018-1084) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Citrix Security Response Team for reporting this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 109117
    published 2018-04-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109117
    title RHEL 7 : corosync (RHSA-2018:1169)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-D87E29047D.NASL
    description New upstream release with security fix for CVE-2018-1084. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-09-04
    plugin id 109189
    published 2018-04-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109189
    title Fedora 26 : corosync (2018-d87e29047d)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-417.NASL
    description This update for corosync fixes the following issues : - CVE-2018-1084: Integer overflow in totemcrypto:authenticate_nss_2_3() could lead to command execution (bsc#1089346) - Providing an empty uid or gid results in coroparse adding uid 0. (bsc#1066585) - Fix a problem with configuration file incompatibilities that was causing corosync to not work after upgrading from SLE-11-SP4-HA to SLE-12/15-HA. (bsc#1083561) This update was imported from the SUSE:SLE-12-SP3:Update update project.
    last seen 2019-02-21
    modified 2018-09-04
    plugin id 109541
    published 2018-05-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109541
    title openSUSE Security Update : corosync (openSUSE-2018-417)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2018-1169.NASL
    description From Red Hat Security Advisory 2018:1169 : An update for corosync is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The corosync packages provide the Corosync Cluster Engine and C APIs for Red Hat Enterprise Linux cluster software. Security Fix(es) : * corosync: Integer overflow in exec/totemcrypto.c:authenticate_nss_2_3() function (CVE-2018-1084) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Citrix Security Response Team for reporting this issue.
    last seen 2019-02-21
    modified 2018-09-05
    plugin id 109439
    published 2018-05-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109439
    title Oracle Linux 7 : corosync (ELSA-2018-1169)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-12DA088117.NASL
    description New upstream release with security fix for CVE-2018-1084. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-03
    plugin id 120244
    published 2019-01-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=120244
    title Fedora 28 : corosync (2018-12da088117)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-4174.NASL
    description The Citrix Security Response Team discovered that corosync, a cluster engine implementation, allowed an unauthenticated user to cause a denial-of-service by application crash.
    last seen 2019-02-21
    modified 2018-11-13
    plugin id 109092
    published 2018-04-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109092
    title Debian DSA-4174-1 : corosync - security update
  • NASL family Amazon Linux Local Security Checks
    NASL id AL2_ALAS-2018-1014.NASL
    description Integer overflow in exec/totemcrypto.c:authenticate_nss_2_3() function: An integer overflow leading to an out-of-bound read was found in authenticate_nss_2_3() in Corosync. An attacker could craft a malicious packet that would lead to a denial of service. (CVE-2018-1084)
    last seen 2019-02-21
    modified 2018-08-31
    plugin id 109693
    published 2018-05-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109693
    title Amazon Linux 2 : corosync (ALAS-2018-1014)
redhat via4
advisories
bugzilla
id 1552830
title CVE-2018-1084 corosync: Integer overflow in exec/totemcrypto.c:authenticate_nss_2_3() function
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 7 Client is installed
      oval oval:com.redhat.rhba:tst:20150364001
    • comment Red Hat Enterprise Linux 7 Server is installed
      oval oval:com.redhat.rhba:tst:20150364002
    • comment Red Hat Enterprise Linux 7 Workstation is installed
      oval oval:com.redhat.rhba:tst:20150364003
    • comment Red Hat Enterprise Linux 7 ComputeNode is installed
      oval oval:com.redhat.rhba:tst:20150364004
  • OR
    • AND
      • comment corosync is earlier than 0:2.4.3-2.el7_5.1
        oval oval:com.redhat.rhsa:tst:20181169013
      • comment corosync is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20181169014
    • AND
      • comment corosync-qdevice is earlier than 0:2.4.3-2.el7_5.1
        oval oval:com.redhat.rhsa:tst:20181169011
      • comment corosync-qdevice is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20181169012
    • AND
      • comment corosync-qnetd is earlier than 0:2.4.3-2.el7_5.1
        oval oval:com.redhat.rhsa:tst:20181169005
      • comment corosync-qnetd is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20181169006
    • AND
      • comment corosynclib is earlier than 0:2.4.3-2.el7_5.1
        oval oval:com.redhat.rhsa:tst:20181169007
      • comment corosynclib is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20181169008
    • AND
      • comment corosynclib-devel is earlier than 0:2.4.3-2.el7_5.1
        oval oval:com.redhat.rhsa:tst:20181169009
      • comment corosynclib-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20181169010
rhsa
id RHSA-2018:1169
released 2018-04-17
severity Important
title RHSA-2018:1169: corosync security update (Important)
rpms
  • corosync-0:2.4.3-2.el7_5.1
  • corosync-qdevice-0:2.4.3-2.el7_5.1
  • corosync-qnetd-0:2.4.3-2.el7_5.1
  • corosynclib-0:2.4.3-2.el7_5.1
  • corosynclib-devel-0:2.4.3-2.el7_5.1
refmap via4
bid 103758
debian DSA-4174
misc https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1084
ubuntu USN-4000-1
Last major update 18-04-2018 - 21:29
Published 12-04-2018 - 13:29
Last modified 31-07-2019 - 16:28