CVE-2019-18903

7.5 HIGH

📋 TL;DR

A use-after-free vulnerability in the wicked network configuration service for SUSE Linux systems allows remote attackers to cause denial of service or potentially execute arbitrary code. This affects SUSE Linux Enterprise Server 12 and 15, openSUSE Leap 15.1, and openSUSE Factory systems running vulnerable versions of wicked.

💻 Affected Systems

Products:
  • wicked network configuration service
Versions:
  • SUSE Linux Enterprise Server 12: versions prior to 0.6.60-2.18.1
  • SUSE Linux Enterprise Server 15: versions prior to 0.6.60-28.26.1
  • openSUSE Leap 15.1: versions prior to 0.6.60-lp151.2.9.1
  • openSUSE Factory: versions prior to 0.6.62
Operating Systems: SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, openSUSE Leap 15.1, openSUSE Factory
Default Config Vulnerable: ⚠️ Yes
Notes: Systems using wicked for network configuration are vulnerable. The service typically runs with elevated privileges.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution with root privileges leading to complete system compromise

🟠 Likely Case: Denial of service causing network service disruption and system instability

🟢 If Mitigated: Limited impact if network exposure is restricted and proper segmentation is in place

🌐 Internet-Facing: MEDIUM - Requires network access to wicked service which may be exposed on some configurations
🏢 Internal Only: MEDIUM - Internal attackers could exploit if wicked service is accessible on network

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Use-after-free vulnerabilities require specific memory manipulation knowledge but remote exploitation is possible. No public exploit code was found in initial research.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: SUSE Linux Enterprise Server 12: 0.6.60-2.18.1 or later; SUSE Linux Enterprise Server 15: 0.6.60-28.26.1 or later; openSUSE Leap 15.1: 0.6.60-lp151.2.9.1 or later; openSUSE Factory: 0.6.62 or later

Vendor Advisory: https://bugzilla.suse.com/show_bug.cgi?id=1160904

Restart Required: Yes

Instructions:

1. Update system packages using 'sudo zypper update wicked'
2. Restart wicked service with 'sudo systemctl restart wicked'
3. Verify service is running with 'sudo systemctl status wicked'

🔧 Temporary Workarounds

Network Access Restriction

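Restrict network access to the wicked service using firewall rules. The commands below assume the host runs firewalld and that a firewalld service definition named 'wicked' exists; list the defined services with 'firewall-cmd --get-services' before relying on them.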

sudo firewall-cmd --permanent --remove-service=wicked
sudo firewall-cmd --reload

Service Disablement

Disable wicked service if not required for system operation

sudo systemctl stop wicked
sudo systemctl disable wicked

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate affected systems
  • Monitor system logs for unusual wicked service activity and crashes

🔍 How to Verify

Check if Vulnerable:

Check wicked version with 'rpm -q wicked' and compare against patched versions

Check Version:

rpm -q wicked

Verify Fix Applied:

Verify version is updated and service is running without crashes
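
The comparison described above can be scripted. The following is an added example, not taken from the SUSE advisory: it classifies the output of 'rpm -q wicked' against the fixed versions listed on this page. The product keys (sles12, sles15, leap15.1, factory) and function names are labels chosen for this example, and GNU 'sort -V' is used as an approximation of RPM version ordering.

```shell
#!/bin/sh
# Added example: classify `rpm -q wicked` output against the fixed versions
# listed on this page. Product keys and function names are chosen here.

# Fixed version-release per product, copied from the "Patch Version" line.
fixed_for() {
    case "$1" in
        sles12)   echo "0.6.60-2.18.1" ;;
        sles15)   echo "0.6.60-28.26.1" ;;
        leap15.1) echo "0.6.60-lp151.2.9.1" ;;
        factory)  echo "0.6.62" ;;
        *)        return 1 ;;
    esac
}

# Reduce "wicked-0.6.60-2.15.1.x86_64" to "0.6.60-2.15.1".
evr_of() {
    evr=${1#wicked-}
    case "$evr" in
        *.x86_64|*.aarch64|*.ppc64le|*.s390x|*.i586|*.noarch) evr=${evr%.*} ;;
    esac
    printf '%s\n' "$evr"
}

# Prints one of: patched, vulnerable, unknown.
wicked_status() {
    fixed=$(fixed_for "$1") || { echo unknown; return 0; }
    case "$2" in
        wicked-[0-9]*) ;;
        *) echo unknown; return 0 ;;  # e.g. "package wicked is not installed"
    esac
    have=$(evr_of "$2")
    # sort -V compares numeric fields as numbers, so 28.9.1 sorts below
    # 28.26.1; a plain string comparison would get that wrong.
    lowest=$(printf '%s\n%s\n' "$have" "$fixed" | sort -V | head -n 1)
    if [ "$lowest" = "$fixed" ]; then echo patched; else echo vulnerable; fi
}
```

On a live host, pass the real query result, for example: wicked_status sles15 "$(rpm -q wicked)". An "unknown" result means the product key was not recognised or the package is not installed.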

📡 Detection & Monitoring

Log Indicators:

  • wicked service crashes in system logs
  • unexpected memory access errors related to wicked

Network Indicators:

  • unusual network traffic to wicked service port
  • connection attempts to wicked from unexpected sources

SIEM Query:

process.name:"wicked" AND (event.action:"crash" OR event.outcome:"failure")
