oss-sec mailing list archives
CVE-2013-2850: Linux kernel iSCSI target heap overflow
From: Kees Cook <keescook () chromium org>
Date: Sat, 1 Jun 2013 09:54:01 -0700
I found an unauthenticated remote heap buffer overflow in the Linux iSCSI target subsystem. If there is a target configured and listening on the network, a remote attacker can corrupt heap memory, and almost certainly gain kernel execution control. I only got as far as proving it could Oops the server. It has been fixed in the upstream iscsi tree: http://git.kernel.org/cgit/linux/kernel/git/nab/target-pending.git/commit/?id=cea4dcfdad926a27a18e188720efe0f2c9403456 A follow-up has been posted fixing similar anti-pattern uses of strncpy(dst, src, strlen(src)) in the rest of the kernel: https://lkml.org/lkml/2013/5/31/406 Thanks, -Kees -- Kees Cook Chrome OS Security
Current thread:
- CVE-2013-2850: Linux kernel iSCSI target heap overflow Kees Cook (Jun 01)