| Summary: | Kernel : "iscsi_add_notunderstood_response()" Buffer Overflow Vulnerability (CVE-2013-2850) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Kernel | Assignee: | Gentoo Kernel Security <security-kernel> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | kernel |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://secunia.com/advisories/53670/ | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
CVE-2013-2850 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2850): Heap-based buffer overflow in the iscsi_add_notunderstood_response function in drivers/target/iscsi/iscsi_target_parameters.c in the iSCSI target subsystem in the Linux kernel through 3.9.4 allows remote attackers to cause a denial of service (memory corruption and OOPS) or possibly execute arbitrary code via a long key that is not properly handled during construction of an error-response packet. In 3.10 onwards |
From ${URL} : Description A vulnerability has been reported in Linux Kernel, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the "iscsi_add_notunderstood_response()" function (drivers/target/iscsi/iscsi_target_parameters.c) when parsing keys and can be exploited to cause a heap-based buffer overflow by sending overly long keys. Successful exploitation requires that the iSCSI target is configured to listen on the network. Solution Fixed in the GIT repository. Further details available to Secunia VIM customers Provided and/or discovered by The vendor credits Kees Cook. Original Advisory http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-2850.html https://bugzilla.redhat.com/show_bug.cgi?id=968036