PT-2013-3971 · Linux+1 · Linux Kernel+1

Kees Cook · Published 2013-05-30 · Updated 2024-06-15 · CVE-2013-2850

CVSS v2.0: 7.9 (High)

Vector: AV:A/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 3.9.4

Description: A heap-based buffer overflow in the iscsi_add_notunderstood_response function in the iSCSI target subsystem allows remote attackers to cause a denial of service (memory corruption and OOPS) or possibly execute arbitrary code via a long key that is not properly handled during construction of an error-response packet. A reproduction case requires patching open-iscsi to send overly large keys, and performing discovery in a loop can cause the remote server to crash.

Recommendations: For Linux kernel versions through 3.9.4, update to a version later than 3.9.4 to resolve the issue. As a temporary workaround, consider restricting access to the iscsi_add_notunderstood_response function to minimize the risk of exploitation. Avoid using long keys in the iSCSI target subsystem until the issue is resolved.

Exploit

Fix

DoS

Buffer Overflow

Weakness Enumeration

Related identifiers

CVE-2013-2850
MGASA-2013-0203
MGASA-2013-0204
MGASA-2013-0209
MGASA-2013-0210
MGASA-2013-0211
MGASA-2013-0212
MGASA-2013-0213
MGASA-2013-0214
MGASA-2013-0215
OPENSUSE-SU-2013_1005-1
OPENSUSE-SU-2013_1042-1
OPENSUSE-SU-2013_1043-1
OPENSUSE-SU-2024:10128-1
RHSA-2013:1264
SUSE-SU-2013_0845-1
SUSE-SU-2015:0481-1
SUSE-SU-2015:0736-1
SUSE-SU-2015:1376-1
USN-1844-1
USN-1845-1
USN-1846-1
USN-1847-1
USN-1849-1
USN-1879-1
USN-1882-1
USN-1883-1

Affected products

Linux Kernel
Suse