** Description changed:

- The flaw is an unauthenticated remote heap buffer overflow in the Linux
- iSCSI target subsystem. If there is a target configured and listening on
- the network, a remote attacker can corrupt heap memory, and almost
- certainly gain kernel execution control. I only got as far as proving it
- would Oops the server. A reproduction case requires patching open-iscsi
- to send overly large keys. Performing discovery in a loop will Oops the
- remote server. Attached is a proposed fix, and the patch I used in open-
- iscsi to trigger it. Thanks in advance for your cooperation in
- coordinating a fix for this issue,
+ Heap-based buffer overflow in the iscsi_add_notunderstood_response
+ function in drivers/target/iscsi/iscsi_target_parameters.c in the iSCSI
+ target subsystem in the Linux kernel through 3.9.4 allows remote
+ attackers to cause a denial of service (memory corruption and OOPS) or
+ possibly execute arbitrary code via a long key that is not properly
+ handled during construction of an error-response packet. A reproduction
+ case requires patching open-iscsi to send overly large keys. Performing
+ discovery in a loop will Oops the remote server. Attached is a proposed
+ fix, and the patch I used in open-iscsi to trigger it. Thanks in advance
+ for your cooperation in coordinating a fix for this issue,

Break-Fix: e48354ce078c079996f89d715dfa44814b4eba01 local-2013-2850
--
https://bugs.launchpad.net/bugs/1185990

Title: CVE-2013-2850
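An added example, not part of the bug report or the kernel source: a simplified user-space C model of the bug class the description names, a key copied into a fixed-size field while an error response is built, next to a construction that rejects a key that does not fit. The struct, the function names and the 64/32-byte sizes are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Illustrative sizes: assumptions, not taken from the bug report. */
#define KEY_MAXLEN   64
#define VALUE_MAXLEN 32
/* Hypothetical model of one queued error-response entry. */
struct extra_response {
    char key[KEY_MAXLEN];
    char value[VALUE_MAXLEN];
};

/* Bytes an unchecked copy sized by the source string (key plus NUL)
 * would write past the key field; 0 means the key fits. */
size_t unchecked_copy_overrun(const char *key)
{
    size_t need = strlen(key) + 1;
    return need > KEY_MAXLEN ? need - KEY_MAXLEN : 0;
}

/* Hardened construction: refuse a key that does not fit, never truncate
 * or copy it. Returns 0 on success, -1 on over-long key or no memory. */
int add_notunderstood_checked(const char *key, struct extra_response **out)
{
    const char *nul = memchr(key, '\0', KEY_MAXLEN); /* bounded scan */
    struct extra_response *er;

    *out = NULL;
    if (!nul)                       /* no terminator within the field */
        return -1;
    er = calloc(1, sizeof(*er));
    if (!er)
        return -1;
    memcpy(er->key, key, (size_t)(nul - key) + 1);
    memcpy(er->value, "NotUnderstood", sizeof("NotUnderstood"));
    *out = er;
    return 0;
}

int main(void)
{
    char long_key[300];             /* constructed over-long key */
    struct extra_response *er;
    memset(long_key, 'A', sizeof(long_key) - 1);
    long_key[sizeof(long_key) - 1] = '\0';
    printf("overrun=%zu checked=%d\n", unchecked_copy_overrun(long_key),
           add_notunderstood_checked(long_key, &er));
    return 0;
}
```

The check rejects the request outright rather than truncating the key, so the peer never receives a response built from partially copied input.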
