CVE-2018-4296 is a medium-rated vulnerability. Successful exploitation could lead to elevation of privilege, execution of arbitrary code, or information disclosure. There are no known workarounds at this time.

OpenASES is the default Linux print queueing system. It handles printing tasks such as sending a notification when an email has been received, or when a printer has a paper jam. OpenASES is a critical component of Open Aviation, a complete Linux distribution that enables safety-critical systems such as avionics, medical equipment, and oil and gas. OpenASES is used in enterprises and in the aviation industry. It is enabled by default on most distributions and is not considered a target for attackers, as it is not widely used. However, it is now under the spotlight due to a critical vulnerability that could be exploited by attackers.

The OpenASES 8.8.0.2 code package contains a vulnerability (CVE-2018-4296) that can be exploited to execute arbitrary code on a vulnerable system. It was reported to Red Hat by an anonymous researcher on May 30, 2018. This critical issue affects Red Hat Enterprise Linux 6.8, 7.4, and 8. Red Hat has released an updated version of OpenASES, version 8.8.0.2, which addresses this issue. Users and administrators are advised to update their systems as soon as possible. Red Hat recommends that users do not install the OpenASES package on systems that are

Installation of the Print Queueing System (OpenASES)

OpenASES is a package that is not installed by default but can be installed using the yum command. It is not considered to be a target for attackers, as it has minimal usage on most Linux distributions. However, the vulnerability (CVE-2018-4296) could allow an attacker to run arbitrary code on a vulnerable system. To protect against this, Red Hat Enterprise Linux 6.8, 7.4, and 8 have been updated with OpenASES 8.8.0.2, which addresses this issue by disabling the vulnerable version of OpenASES in these releases.

Overview of the vulnerability

OpenASES is a print queueing system that handles tasks such as sending notification emails when a printer has a paper jam. It is enabled by default in Red Hat Enterprise Linux and Open Aviation, and it is not considered to be targeted by attackers, as it is not widely used. However, an unprivileged user can exploit a critical vulnerability in the 8.8.0.2 code package to execute arbitrary code on a vulnerable system.
The vulnerability affects Red Hat Enterprise Linux 6.8, 7.4, and 8 of OpenASES, which was released on May 30th 2018 to address this issue (CVE-2018-4296). The following information regarding this critical vulnerability is available:

What is the OpenASES vulnerability?

The vulnerability (CVE-2018-4296) was reported to Red Hat by an anonymous researcher on May 30, 2018. The OpenASES package includes a vulnerable code package which facilitates the execution of arbitrary code on a system that is vulnerable to CVE-2018-4296. This process is achieved through the exploitation of a buffer overflow condition in the 873dafb0f982c8a07e2ea7bc9f394dac function in lib/asn1_decoder.c.
To exploit this issue, an attacker could send specially crafted network packets that would cause OpenASES to crash. Then, an attacker could use the resulting access to execute arbitrary commands as root on a vulnerable system with little or no user interaction required.

OpenASES - Background

OpenASES is a print queueing system that is used in the aviation industry. It is enabled by default on many Linux distributions and is not seen as a target for attackers. OpenASES is now under the spotlight due to a critical vulnerability that can be exploited by attackers.

Description of the vulnerability

The vulnerability is due to insufficient input validation. An attacker could exploit this by sending a specially crafted message to the print queue using one of the following methods:
- As a system administrator, sending any message to OpenASES in order to trigger the vulnerability
- Submitting a malicious kernel module to the system, which exploits this vulnerability when it runs

Timeline

Published on: 09/16/2022 16:15:00 UTC
Last modified on: 09/20/2022 18:19:00 UTC
