Sid 1-32637

Message

PROTOCOL-TFTP UDP large packet use after free attempt

Summary

The udp6_ufo_fragment function in net/ipv6/udp_offload.c in the Linux kernel through 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly perform a certain size comparison before inserting a fragment header, which allows remote attackers to cause a denial of service (panic) via a large IPv6 UDP packet, as demonstrated by use of the Token Bucket Filter (TBF) queueing discipline.

Impact

CVSS base score 7.1

CVSS impact score 6.9

CVSS exploitability score 8.6

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact NONE

CVE-2013-4563:

CVSS base score 7.1

CVSS impact score 6.9

CVSS exploitability score 8.6

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

CVE-2018-8476:

CVSS base score 9.8

CVSS impact score 5.9

CVSS exploitability score 3.9

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Detailed information

CVE-2013-4563: The udp6_ufo_fragment function in net/ipv6/udp_offload.c in the Linux kernel through 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly perform a certain size comparison before inserting a fragment header, which allows remote attackers to cause a denial of service (panic) via a large IPv6 UDP packet, as demonstrated by use of the Token Bucket Filter (TBF) queueing discipline.

CVE-2018-8476: A remote code execution vulnerability exists in the way that Windows Deployment Services TFTP Server handles objects in memory, aka "Windows Deployment Services TFTP Server Remote Code Execution Vulnerability." This affects Windows Server 2012 R2, Windows Server 2008, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows Server 2008 R2, Windows 10 Servers.

Affected systems

  • linux linux_kernel 3.0
  • linux linux_kernel 3.0.1
  • linux linux_kernel 3.0.2
  • linux linux_kernel 3.0.3
  • linux linux_kernel 3.0.4
  • linux linux_kernel 3.0.5
  • linux linux_kernel 3.0.6
  • linux linux_kernel 3.0.7
  • linux linux_kernel 3.0.8
  • linux linux_kernel 3.0.9
  • linux linux_kernel 3.0.10
  • linux linux_kernel 3.0.11
  • linux linux_kernel 3.0.12
  • linux linux_kernel 3.0.13
  • linux linux_kernel 3.0.14
  • linux linux_kernel 3.0.15
  • linux linux_kernel 3.0.16
  • linux linux_kernel 3.0.17
  • linux linux_kernel 3.0.18
  • linux linux_kernel 3.0.19
  • linux linux_kernel 3.0.20
  • linux linux_kernel 3.0.21
  • linux linux_kernel 3.0.22
  • linux linux_kernel 3.0.23
  • linux linux_kernel 3.0.24
  • linux linux_kernel 3.0.25
  • linux linux_kernel 3.0.26
  • linux linux_kernel 3.0.27
  • linux linux_kernel 3.0.28
  • linux linux_kernel 3.0.29
  • linux linux_kernel 3.0.30
  • linux linux_kernel 3.0.31
  • linux linux_kernel 3.0.32
  • linux linux_kernel 3.0.33
  • linux linux_kernel 3.0.34
  • linux linux_kernel 3.0.35
  • linux linux_kernel 3.0.36
  • linux linux_kernel 3.0.37
  • linux linux_kernel 3.0.38
  • linux linux_kernel 3.0.39
  • linux linux_kernel 3.0.40
  • linux linux_kernel 3.0.41
  • linux linux_kernel 3.0.42
  • linux linux_kernel 3.0.43
  • linux linux_kernel 3.0.44
  • linux linux_kernel 3.0.45
  • linux linux_kernel 3.0.46
  • linux linux_kernel 3.0.47
  • linux linux_kernel 3.0.48
  • linux linux_kernel 3.0.49
  • linux linux_kernel 3.0.50
  • linux linux_kernel 3.0.51
  • linux linux_kernel 3.0.52
  • linux linux_kernel 3.0.53
  • linux linux_kernel 3.0.54
  • linux linux_kernel 3.0.55
  • linux linux_kernel 3.0.56
  • linux linux_kernel 3.0.57
  • linux linux_kernel 3.0.58
  • linux linux_kernel 3.0.59
  • linux linux_kernel 3.0.60
  • linux linux_kernel 3.0.61
  • linux linux_kernel 3.0.62
  • linux linux_kernel 3.0.63
  • linux linux_kernel 3.0.64
  • linux linux_kernel 3.0.65
  • linux linux_kernel 3.0.66
  • linux linux_kernel 3.0.67
  • linux linux_kernel 3.0.68
  • linux linux_kernel 3.1
  • linux linux_kernel 3.1.1
  • linux linux_kernel 3.1.2
  • linux linux_kernel 3.1.3
  • linux linux_kernel 3.1.4
  • linux linux_kernel 3.1.5
  • linux linux_kernel 3.1.6
  • linux linux_kernel 3.1.7
  • linux linux_kernel 3.1.8
  • linux linux_kernel 3.1.9
  • linux linux_kernel 3.1.10
  • linux linux_kernel 3.2
  • linux linux_kernel 3.2.1
  • linux linux_kernel 3.2.2
  • linux linux_kernel 3.2.3
  • linux linux_kernel 3.2.4
  • linux linux_kernel 3.2.5
  • linux linux_kernel 3.2.6
  • linux linux_kernel 3.2.7
  • linux linux_kernel 3.2.8
  • linux linux_kernel 3.2.9
  • linux linux_kernel 3.2.10
  • linux linux_kernel 3.2.11
  • linux linux_kernel 3.2.12
  • linux linux_kernel 3.2.13
  • linux linux_kernel 3.2.14
  • linux linux_kernel 3.2.15
  • linux linux_kernel 3.2.16
  • linux linux_kernel 3.2.17
  • linux linux_kernel 3.2.18
  • linux linux_kernel 3.2.19
  • linux linux_kernel 3.2.20
  • linux linux_kernel 3.2.21
  • linux linux_kernel 3.2.22
  • linux linux_kernel 3.2.23
  • linux linux_kernel 3.2.24
  • linux linux_kernel 3.2.25
  • linux linux_kernel 3.2.26
  • linux linux_kernel 3.2.27
  • linux linux_kernel 3.2.28
  • linux linux_kernel 3.2.29
  • linux linux_kernel 3.2.30
  • linux linux_kernel 3.3
  • linux linux_kernel 3.3.1
  • linux linux_kernel 3.3.2
  • linux linux_kernel 3.3.3
  • linux linux_kernel 3.3.4
  • linux linux_kernel 3.3.5
  • linux linux_kernel 3.3.6
  • linux linux_kernel 3.3.7
  • linux linux_kernel 3.3.8
  • linux linux_kernel 3.4
  • linux linux_kernel 3.4.1
  • linux linux_kernel 3.4.2
  • linux linux_kernel 3.4.3
  • linux linux_kernel 3.4.4
  • linux linux_kernel 3.4.5
  • linux linux_kernel 3.4.6
  • linux linux_kernel 3.4.7
  • linux linux_kernel 3.4.8
  • linux linux_kernel 3.4.9
  • linux linux_kernel 3.4.10
  • linux linux_kernel 3.4.11
  • linux linux_kernel 3.4.12
  • linux linux_kernel 3.4.13
  • linux linux_kernel 3.4.14
  • linux linux_kernel 3.4.15
  • linux linux_kernel 3.4.16
  • linux linux_kernel 3.4.17
  • linux linux_kernel 3.4.18
  • linux linux_kernel 3.4.19
  • linux linux_kernel 3.4.20
  • linux linux_kernel 3.4.21
  • linux linux_kernel 3.4.22
  • linux linux_kernel 3.4.23
  • linux linux_kernel 3.4.24
  • linux linux_kernel 3.4.25
  • linux linux_kernel 3.4.26
  • linux linux_kernel 3.4.27
  • linux linux_kernel 3.4.28
  • linux linux_kernel 3.4.29
  • linux linux_kernel 3.4.30
  • linux linux_kernel 3.4.31
  • linux linux_kernel 3.4.32
  • linux linux_kernel 3.5.1
  • linux linux_kernel 3.5.2
  • linux linux_kernel 3.5.3
  • linux linux_kernel 3.5.4
  • linux linux_kernel 3.5.5
  • linux linux_kernel 3.5.6
  • linux linux_kernel 3.5.7
  • linux linux_kernel 3.6
  • linux linux_kernel 3.6.1
  • linux linux_kernel 3.6.2
  • linux linux_kernel 3.6.3
  • linux linux_kernel 3.6.4
  • linux linux_kernel 3.6.5
  • linux linux_kernel 3.6.6
  • linux linux_kernel 3.6.7
  • linux linux_kernel 3.6.8
  • linux linux_kernel 3.6.9
  • linux linux_kernel 3.6.10
  • linux linux_kernel 3.6.11
  • linux linux_kernel 3.7
  • linux linux_kernel 3.7.1
  • linux linux_kernel 3.7.2
  • linux linux_kernel 3.7.3
  • linux linux_kernel 3.7.4
  • linux linux_kernel 3.7.5
  • linux linux_kernel 3.7.6
  • linux linux_kernel 3.7.7
  • linux linux_kernel 3.7.8
  • linux linux_kernel 3.7.9
  • linux linux_kernel 3.7.10
  • linux linux_kernel 3.8.0
  • linux linux_kernel 3.8.1
  • linux linux_kernel 3.8.2
  • linux linux_kernel 3.8.3
  • linux linux_kernel 3.8.4
  • linux linux_kernel 3.8.5
  • linux linux_kernel 3.8.6
  • linux linux_kernel 3.8.7
  • linux linux_kernel 3.8.8
  • linux linux_kernel 3.8.9
  • linux linux_kernel 3.8.10
  • linux linux_kernel 3.8.11
  • linux linux_kernel 3.8.12
  • linux linux_kernel 3.8.13
  • linux linux_kernel 3.9
  • linux linux_kernel 3.9.0
  • linux linux_kernel 3.9.1
  • linux linux_kernel 3.9.2
  • linux linux_kernel 3.9.3
  • linux linux_kernel 3.9.4
  • linux linux_kernel 3.9.5
  • linux linux_kernel 3.9.6
  • linux linux_kernel 3.9.7
  • linux linux_kernel 3.9.8
  • linux linux_kernel 3.9.9
  • linux linux_kernel 3.9.10
  • linux linux_kernel 3.9.11
  • linux linux_kernel 3.10.1
  • linux linux_kernel 3.10.2
  • linux linux_kernel 3.10.3
  • linux linux_kernel 3.10.4
  • linux linux_kernel 3.10.5
  • linux linux_kernel 3.10.6
  • linux linux_kernel 3.10.7
  • linux linux_kernel 3.10.8
  • linux linux_kernel 3.10.9
  • linux linux_kernel 3.10.10
  • linux linux_kernel 3.10.11
  • linux linux_kernel 3.10.12
  • linux linux_kernel 3.10.13
  • linux linux_kernel 3.10.14
  • linux linux_kernel 3.10.15
  • linux linux_kernel 3.10.16
  • linux linux_kernel 3.10.17
  • linux linux_kernel 3.10.18
  • linux linux_kernel 3.11
  • linux linux_kernel 3.11.1
  • linux linux_kernel 3.11.2
  • linux linux_kernel 3.11.3
  • linux linux_kernel 3.11.4
  • linux linux_kernel 3.11.5
  • linux linux_kernel 3.11.6
  • linux linux_kernel 3.11.7
  • linux linux_kernel 3.12
  • microsoft windowsserver2008 -
  • microsoft windowsserver2008 r2
  • microsoft windowsserver2012 -
  • microsoft windowsserver2012 r2
  • microsoft windowsserver2016 -
  • microsoft windowsserver2016 1803
  • microsoft windowsserver2019 -

Ease of attack

CVE-2013-4563:

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

CVE-2018-8476:

Access Vector

Access Complexity

Authentication

False positives

None known

False negatives

None known

Corrective action

Contributors

  • Talos research team.
  • This document was generated from data supplied by the National Vulnerability Database, a product of the National Institute of Standards and Technology.
  • For more information see NVD.

Additional References

  • portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-8476