Vulnerability Name: CVE-2018-6644 (CCN-138774)

Assigned: 2018-02-07
Published: 2018-02-07
Updated: 2018-02-27
Summary: SBLIM Small Footprint CIM Broker (SFCB) 1.4.9 has a null pointer (DoS) vulnerability via a crafted POST request to the /cimom URI.
CVSS v3 Severity: 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
7.0 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:F/RL:U/RC:R)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): High
5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
5.0 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:F/RL:U/RC:R)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Low
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
Vulnerability Type: CWE-476
Vulnerability Consequences: Denial of Service
References:
Source: MITRE
Type: CNA
CVE-2018-6644

Source: CCN
Type: SBLIM project Web site
sfcb

Source: CCN
Type: oss-sec Mailing List, Wed, 7 Feb 2018 13:04:18 +0800 (CST)
Fw:Re: [scr459004] sfcb - 1.4.9

Source: MLIST
Type: Exploit, Issue Tracking, Mailing List, Third Party Advisory
[oss-security] 20180207 Fwe: [scr459004] sfcb - 1.4.9

Source: BID
Type: Third Party Advisory, VDB Entry
103041

Source: CCN
Type: BID-103041
SBLIM-SFCB CVE-2018-6644 Denial of Service Vulnerability

Source: XF
Type: UNKNOWN
sblimproject-cve20186644-dos(138774)

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:sblim_project:small_footprint_cim_broker:1.4.9:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions

Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20186644 | V | CVE-2018-6644 | 2022-09-02
oval:org.opensuse.security:def:623 | P | Security update for MozillaFirefox (Important) | 2022-08-01
oval:org.opensuse.security:def:3523 | P | hplip-3.16.11-1.33 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:95153 | P | sblim-sfcb-1.4.9-150000.5.9.4 on GA media (Moderate) | 2022-06-22
oval:org.opensuse.security:def:94244 | P | (Moderate) | 2022-06-02
oval:org.opensuse.security:def:1657 | P | Security update for subversion (Important) | 2022-04-12
oval:org.opensuse.security:def:1536 | P | Security update for MozillaThunderbird (Important) | 2022-03-10
oval:org.opensuse.security:def:1070 | P | Security update for webkit2gtk3 (Important) | 2022-01-25
oval:org.opensuse.security:def:113423 | P | sblim-sfcb-1.4.9-13.6 on GA media (Moderate) | 2022-01-17
oval:org.opensuse.security:def:1592 | P | Security update for the Linux Kernel (Important) | 2021-11-09
oval:org.opensuse.security:def:106825 | P | sblim-sfcb-1.4.9-13.6 on GA media (Moderate) | 2021-10-01
oval:org.opensuse.security:def:97037 | P | sblim-sfcb-1.4.9-3.7 on GA media (Moderate) | 2021-09-21
oval:org.opensuse.security:def:71332 | P | libwavpack1-5.1.0-4.3.5 on GA media (Moderate) | 2021-09-21
oval:org.opensuse.security:def:90072 | P | sblim-sfcb-1.4.9-3.7 on GA media (Moderate) | 2021-09-21
oval:org.opensuse.security:def:2148 | P | sblim-sfcb-1.4.9-3.7 on GA media (Moderate) | 2021-09-21
oval:org.opensuse.security:def:63237 | P | sblim-sfcb-1.4.9-3.7 on GA media (Moderate) | 2021-09-21
oval:org.opensuse.security:def:103727 | P | sblim-sfcb-1.4.9-3.7 on GA media (Moderate) | 2021-09-21
oval:org.opensuse.security:def:66913 | P | Security update for php7 (Important) | 2021-08-30
oval:org.opensuse.security:def:64745 | P | Security update for fetchmail (Moderate) | 2021-08-20
oval:org.opensuse.security:def:70269 | P | Security update for c-ares (Important) | 2021-08-17
oval:org.opensuse.security:def:47920 | P | xdg-utils-20140630-6.3.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47536 | P | xorg-x11-libs-7.6-45.14 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48144 | P | libltdl7-2.4.2-17.4.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47671 | P | libXRes1-1.0.7-3.53 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47996 | P | dracut-044.2-15.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47592 | P | dbus-1-glib-0.100.2-3.58 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48236 | P | logwatch-7.4.3-15.65 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47727 | P | libjbig2-2.0-12.13 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47535 | P | xorg-x11-7.6_1-14.17 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48052 | P | java-1_7_1-ibm-1.7.1_sr4.50-38.41.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47550 | P | apache-commons-beanutils-1.9.2-1.149 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48292 | P | radvd-1.9.7-2.12 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47864 | P | python-cupshelpers-1.5.7-7.5 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47591 | P | dbus-1-1.8.22-29.10.2 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48088 | P | libXvMC1-1.0.8-7.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47606 | P | expat-2.1.0-21.3.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:2284 | P | sblim-sfcb-1.4.9-5.6.1 on GA media (Moderate) | 2021-08-10
oval:org.opensuse.security:def:63373 | P | sblim-sfcb-1.4.9-5.6.1 on GA media (Moderate) | 2021-08-10
oval:org.opensuse.security:def:101399 | P | sblim-sfcb-1.4.9-5.6.1 on GA media (Moderate) | 2021-08-10
oval:org.opensuse.security:def:100957 | P | libpng16-16-1.6.34-3.9.1 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:1014 | P | iscsiuio-0.7.8.6-30.1 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:66821 | P | Security update for libopenmpt (Moderate) | 2021-06-09
oval:org.opensuse.security:def:48819 | P | typelib-1_0-EvinceDocument-3_0-3.20.1-5.66 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48596 | P | perl-HTML-Parser-3.71-1.145 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48692 | P | libraw9-0.15.4-3.88 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48506 | P | libipa_hbac0-1.13.4-18.10 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48652 | P | xlockmore-5.43-5.30 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48748 | P | libuuid-devel-2.25-30.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48534 | P | libpng12-0-1.2.50-13.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48661 | P | ImageMagick-6.8.8.1-5.21 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48763 | P | argyllcms-1.6.3-3.3 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48590 | P | pam_krb5-2.4.4-4.4 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48717 | P | finch-2.10.9-8.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48450 | P | java-1_8_0-openjdk-1.8.0.101-14.3 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:67992 | P | Security update for the Linux Kernel (Live Patch 14 for SLE 15 SP1) (Important) | 2021-05-25
oval:org.opensuse.security:def:73604 | P | Security update for libnettle (Important) | 2021-04-28
oval:org.opensuse.security:def:64658 | P | Security update for python-Jinja2 (Important) | 2021-02-26
oval:org.opensuse.security:def:68092 | P | Security update for the Linux Kernel (Live Patch 9 for SLE 15 SP1) (Important) | 2021-02-10
oval:org.opensuse.security:def:63302 | P | sblim-sfcb-1.4.9-3.7 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:107623 | P | sblim-sfcb-1.4.9-3.7 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:2092 | P | sblim-sfcb-1.4.9-3.7 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:63181 | P | sblim-sfcb-1.4.9-3.7 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:71445 | P | bash-4.4-9.10.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:117181 | P | sblim-sfcb-1.4.9-3.7 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:2213 | P | sblim-sfcb-1.4.9-3.7 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:70164 | P | Security update for java-1_8_0-openjdk (Important) | 2020-12-02
oval:org.opensuse.security:def:49979 | P | socat on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49977 | P | sblim-sfcb on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:50044 | P | 389-ds on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:50033 | P | sblim-sfcb on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:73486 | P | bouncycastle on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49923 | P | python2-paramiko on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:50098 | P | sblim-sfcb on GA media (Moderate) | 2020-12-01
oval:com.ubuntu.bionic:def:201866440000000 | V | CVE-2018-6644 on Ubuntu 18.04 LTS (bionic) - untriaged. | 2018-02-08
oval:com.ubuntu.artful:def:20186644000 | V | CVE-2018-6644 on Ubuntu 17.10 (artful) - untriaged. | 2018-02-08
oval:com.ubuntu.xenial:def:20186644000 | V | CVE-2018-6644 on Ubuntu 16.04 LTS (xenial) - untriaged. | 2018-02-08
oval:com.ubuntu.xenial:def:201866440000000 | V | CVE-2018-6644 on Ubuntu 16.04 LTS (xenial) - untriaged. | 2018-02-08
oval:com.ubuntu.bionic:def:20186644000 | V | CVE-2018-6644 on Ubuntu 18.04 LTS (bionic) - untriaged. | 2018-02-08
oval:com.ubuntu.disco:def:201866440000000 | V | CVE-2018-6644 on Ubuntu 19.04 (disco) - untriaged. | 2018-02-08
oval:com.ubuntu.cosmic:def:20186644000 | V | CVE-2018-6644 on Ubuntu 18.10 (cosmic) - untriaged. | 2018-02-08
oval:com.ubuntu.cosmic:def:201866440000000 | V | CVE-2018-6644 on Ubuntu 18.10 (cosmic) - untriaged. | 2018-02-08
oval:com.ubuntu.trusty:def:20186644000 | V | CVE-2018-6644 on Ubuntu 14.04 LTS (trusty) - untriaged. | 2018-02-08
    sblim_project small footprint cim broker 1.4.9