PT-2017-15038 · Open Iscsi+1 · Open-Iscsi+1

Published: 2017-12-22 · Updated: 2018-12-21 · CVE-2017-17840

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Open-iSCSI versions prior to 2.0.876

Description: A local attacker can cause the iscsiuio server to abort, or potentially execute code, by sending messages with incorrect lengths. The lengths are not checked, which can lead to buffer overflows. The process_iscsid_broadcast function in iscsiuio/src/unix/iscsid_ipc.c does not validate the payload length before a write operation.

Recommendations: For Open-iSCSI versions prior to 2.0.876, update to version 2.0.876 or later to resolve the issue. As a temporary workaround, consider restricting access to the iscsiuio server to minimize the risk of exploitation.
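
The missing check named in the description, shown as an added example that is not Open-iSCSI code: a receiver validates a sender-supplied payload length against both its destination buffer and the bytes actually received before the write. The header layout, function names, error codes and buffer size are hypothetical, and the sample messages are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical wire format, NOT the real iscsiuio structures:
 * an 8-byte header followed by payload_len bytes of data. */
struct ipc_hdr {
    uint32_t cmd;
    uint32_t payload_len;   /* sender-controlled, must not be trusted */
};

#define IPC_MAX_PAYLOAD 64u  /* assumed size of the receiver's buffer */

enum { IPC_OK = 0, IPC_ESHORT = -1, IPC_ETOOBIG = -2, IPC_ETRUNC = -3 };

/* Copy the payload of one received message into dst (dst_cap bytes).
 * Every length is checked before the write into dst. */
int ipc_copy_payload(const uint8_t *msg, size_t msg_len,
                     uint8_t *dst, size_t dst_cap, size_t *out_len)
{
    struct ipc_hdr hdr;

    if (msg_len < sizeof(hdr))
        return IPC_ESHORT;              /* not even a full header */
    memcpy(&hdr, msg, sizeof(hdr));     /* avoids unaligned access */

    if (hdr.payload_len > dst_cap || hdr.payload_len > IPC_MAX_PAYLOAD)
        return IPC_ETOOBIG;             /* would overflow dst */
    if (hdr.payload_len > msg_len - sizeof(hdr))
        return IPC_ETRUNC;              /* claims more than was received */

    memcpy(dst, msg + sizeof(hdr), hdr.payload_len);
    *out_len = hdr.payload_len;
    return IPC_OK;
}

/* Constructed sample: build a message whose header claims claimed_len
 * while only actual_len payload bytes follow. Returns total length. */
size_t ipc_build_sample(uint8_t *buf, uint32_t claimed_len, size_t actual_len)
{
    struct ipc_hdr hdr = { 1u, claimed_len };
    memcpy(buf, &hdr, sizeof(hdr));
    memset(buf + sizeof(hdr), 'A', actual_len);
    return sizeof(hdr) + actual_len;
}
```

A message whose claimed length exceeds the buffer or the received byte count is rejected with a distinct error code, which also gives the daemon something specific to log.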

Fix

Buffer Overflow

Weakness Enumeration

Related identifiers

ALT-PU-2018-2938
CVE-2017-17840

Affected products

Alt Linux
Open-Iscsi