CVE-2019-18904
Migrations requests can cause DoS on rmt
In short
The RMT (Repository Mirroring Tool) server can be overwhelmed and stop working when an attacker sends many migration requests. This makes the service unavailable to legitimate users.
Technical detail
A resource consumption vulnerability in rmt-server allows unauthenticated remote attackers to exhaust server resources by sending repeated migration requests, triggering a denial-of-service condition. The vulnerability exists due to insufficient rate limiting or resource checks on migration request handling.
Summary generated and translated by AI from the official description.
A Uncontrolled Resource Consumption vulnerability in rmt of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Public Cloud 15-SP1, SUSE Linux Enterprise Module for Server Applications 15, SUSE Linux Enterprise Module for Server Applications 15-SP1, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1 allows remote attackers to cause DoS against rmt by requesting migrations. This issue affects: SUSE Linux Enterprise High Performance Computing 15-ESPOS rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise High Performance Computing 15-LTSS rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise Module for Public Cloud 15-SP1 rmt-server versions prior to 2.5.2-3.9.1. SUSE Linux Enterprise Module for Server Applications 15 rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise Module for Server Applications 15-SP1 rmt-server versions prior to 2.5.2-3.9.1. SUSE Linux Enterprise Server 15-LTSS rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise Server for SAP 15 rmt-server versions prior to 2.5.2-3.26.1. openSUSE Leap 15.1 rmt-server versions prior to 2.5.2-lp151.2.9.1.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected products
openSUSE · openSUSE Leap 15.1SUSE · SUSE Linux Enterprise High Performance Computing 15-ESPOSSUSE · SUSE Linux Enterprise High Performance Computing 15-LTSSSUSE · SUSE Linux Enterprise Module for Public Cloud 15-SP1SUSE · SUSE Linux Enterprise Module for Server Applications 15SUSE · SUSE Linux Enterprise Module for Server Applications 15-SP1SUSE · SUSE Linux Enterprise Server 15-LTSSSUSE · SUSE Linux Enterprise Server for SAP 15Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →