Bug 1075965 (CVE-2018-5704) - VUL-0: CVE-2018-5704: openocd: Cross-protocol scripting vulnerability in telnet interface
Status: RESOLVED FIXED
Alias: CVE-2018-5704
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: All All
Importance: P3 - Medium : Normal
Assignee: Andreas Färber
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/198290/
Whiteboard: CVSSv3:RedHat:CVE-2018-5704:8.8:(AV:...
Reported: 2018-01-15 10:54 UTC by Andreas Färber
Modified: 2024-07-25 14:03 UTC

Found By: Third Party Developer/Partner

Description Andreas Färber 2018-01-15 10:54:24 UTC
On the openocd-devel mailing list it was publicly reported on Jan 12, 2018 that, due to insufficient checks for unknown commands, it is possible for a web browser to access a running OpenOCD telnet interface and potentially execute Tcl commands accessing USB- or network-attached JTAG programmers, therefore potentially reading and/or corrupting connected flash chips or on-chip flash of connected microcontrollers.

https://sourceforge.net/p/openocd/mailman/message/36188041/

All past versions of OpenOCD will be affected.
This will mainly affect openSUSE code streams.
Comment 2 Andreas Färber 2018-01-15 15:36:31 UTC
The following upstream patches seem related:

http://openocd.zylin.com/4330 (server: telnet: fix comparison between signed and unsigned warning)
http://openocd.zylin.com/4331 (server: bind to IPv4 localhost by default)

http://openocd.zylin.com/4335 (Prevent some forms of Cross Protocol Scripting attacks)
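
As an added illustration of the class of check such a fix needs (this is not OpenOCD's code and not the upstream patch, which is not reproduced on this page), the C example below shows a line-oriented command server recognising an HTTP request line or `Host:` header and stopping before any later line reaches the interpreter. All function names and the sample sessions are constructed for the example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Added example, not OpenOCD code; every name below is hypothetical. */
static const char *const http_methods[] = { "GET", "POST", "HEAD", "PUT", "DELETE", "OPTIONS" };

static int has_prefix_nocase(const char *s, const char *p)
{
    while (*p && tolower((unsigned char)*s) == tolower((unsigned char)*p))
        s++, p++;
    return *p == '\0';
}

/* 1 if the line is an HTTP/1.x request line (METHOD SP target SP "HTTP/")
 * or a Host: header, i.e. HTTP rather than the command protocol. */
int is_http_line(const char *line)
{
    line += strspn(line, " \t");
    for (size_t i = 0; i < sizeof(http_methods) / sizeof(*http_methods); i++) {
        size_t n = strlen(http_methods[i]);
        if (strncmp(line, http_methods[i], n) == 0 && line[n] == ' ')
            return strstr(line + n, " HTTP/") != NULL;
    }
    return has_prefix_nocase(line, "Host:");
}

/* Count lines that would reach the interpreter; stop at the first HTTP line. */
size_t filter_session(const char *const *lines, size_t count, int *dropped)
{
    size_t accepted = 0;
    while (accepted < count && !is_http_line(lines[accepted]))
        accepted++;
    *dropped = accepted < count; /* a real server would close the socket here */
    return accepted;
}

/* Constructed sample input: browser-originated request vs. operator session. */
const char *const browser_session[] = { "POST / HTTP/1.1", "Host: localhost", "", "placeholder_command" };
const char *const operator_session[] = { "placeholder_command", "exit" };

int main(void)
{
    int d1, d2;
    size_t a = filter_session(browser_session, 4, &d1);
    size_t b = filter_session(operator_session, 2, &d2);
    printf("browser: accepted=%zu dropped=%d\noperator: accepted=%zu dropped=%d\n", a, d1, b, d2);
    return 0;
}
```

The connection has to be dropped at the first HTTP-looking line: the request line arrives before the body, so rejecting it keeps body lines from ever being interpreted as commands.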
Comment 6 Marcus Meissner 2018-01-15 16:39:28 UTC
CVE requested from MITRE.
Comment 7 Marcus Meissner 2018-01-16 06:56:02 UTC
CVE-2018-5704 assigned by MITRE.