
CVE-2018-10238 : Security Advisory and Response


This CVE-2018-10238 article provides insights into a Buffer Overflow vulnerability in the skarg BACnet Protocol Stack versions 0.9.1 and 0.8.5, affecting the bacserv BACnet/IP BVLC forwarded NPDU component.

Understanding CVE-2018-10238

This vulnerability, identified on April 20, 2018, poses a security risk due to a lack of validation for packet sizes, leading to a Buffer Overflow.

What is CVE-2018-10238?

The vulnerability in the skarg BACnet Protocol Stack versions 0.9.1 and 0.8.5, specifically in the bacserv BACnet/IP BVLC forwarded NPDU component, results from a Buffer Overflow caused by inadequate validation for packet sizes.

The Impact of CVE-2018-10238

The vulnerability allows attackers to execute malicious code through a BACnet/IP device with BBMD enabled, connected to an IP network, potentially compromising the system's security.

Technical Details of CVE-2018-10238

This section delves into the technical aspects of the CVE-2018-10238 vulnerability.

Vulnerability Description

The Buffer Overflow occurs when the function bvlc_bdt_forward_npdu() calls bvlc_encode_forwarded_npdu(), which copies content from the request into a local variable in the bvlc_bdt_forward_npdu() stack frame without validating the packet size, overwriting the stack canary.
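The size validation described above, sketched as an added example that is not code from the skarg BACnet Protocol Stack: a Forwarded-NPDU encoder that refuses to copy when the frame would not fit the destination. The function names, the 64-byte local buffer and the sample address are assumptions made for illustration; the frame layout (4-byte BVLC header followed by a 6-byte B/IP source address) follows BACnet/IP Annex J.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BVLL_TYPE_BACNET_IP 0x81u /* BVLC type octet for BACnet/IP */
#define BVLC_FORWARDED_NPDU 0x04u /* BVLC function: Forwarded-NPDU */
#define FWD_HEADER_LEN 10u        /* 4-byte BVLC header + 6-byte B/IP address */

/* Hypothetical bounded encoder: returns the number of bytes written,
 * or 0 if the forwarded frame would not fit in out[out_size]. */
size_t encode_forwarded_npdu_checked(uint8_t *out, size_t out_size,
                                     const uint8_t src_ip[4], uint16_t src_port,
                                     const uint8_t *npdu, size_t npdu_len)
{
    if (out == NULL || src_ip == NULL || (npdu == NULL && npdu_len > 0))
        return 0;
    /* Packet-size check performed before any copy. Written as a
     * subtraction so an attacker-chosen length cannot wrap the sum. */
    if (out_size < FWD_HEADER_LEN || npdu_len > out_size - FWD_HEADER_LEN)
        return 0;
    size_t total = FWD_HEADER_LEN + npdu_len;
    if (total > 0xFFFFu) /* BVLC length field is 16 bits */
        return 0;
    out[0] = BVLL_TYPE_BACNET_IP;
    out[1] = BVLC_FORWARDED_NPDU;
    out[2] = (uint8_t)(total >> 8);
    out[3] = (uint8_t)(total & 0xFFu);
    memcpy(&out[4], src_ip, 4);       /* original source IPv4 address */
    out[8] = (uint8_t)(src_port >> 8); /* original source UDP port */
    out[9] = (uint8_t)(src_port & 0xFFu);
    if (npdu_len > 0)
        memcpy(&out[FWD_HEADER_LEN], npdu, npdu_len);
    return total;
}

/* Constructed demo: a 64-byte stack buffer stands in for the local
 * variable; the request bytes and source address are sample values. */
size_t demo_forward(size_t npdu_len)
{
    static const uint8_t src_ip[4] = { 192, 0, 2, 10 };
    static const uint8_t request[128] = { 0x01, 0x00 };
    uint8_t mtu[64];
    if (npdu_len > sizeof request)
        return 0;
    return encode_forwarded_npdu_checked(mtu, sizeof mtu, src_ip, 47808,
                                         request, npdu_len);
}

int main(void) { printf("%zu %zu\n", demo_forward(54), demo_forward(55)); return 0; }
```

With the 64-byte buffer, a 54-byte NPDU is the largest that is forwarded; anything longer is dropped instead of being copied past the end of the local.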

Affected Systems and Versions

        Skarg BACnet Protocol Stack versions 0.9.1 and 0.8.5

Exploitation Mechanism

        The attack is executed through a BACnet/IP device with BBMD enabled
        The device is connected to an IP network

Mitigation and Prevention

Protecting systems from CVE-2018-10238 requires immediate actions and long-term security practices.

Immediate Steps to Take

        Update to version 0.8.6 of the library to mitigate the vulnerability
        Disable BBMD on BACnet/IP devices if not essential

Long-Term Security Practices

        Regularly monitor and update software libraries and components
        Implement network segmentation to limit the impact of potential attacks

Patching and Updates

        Apply security patches promptly to address known vulnerabilities
