** Description changed:

  Heap-based buffer overflow in the iscsi_add_notunderstood_response
  function in drivers/target/iscsi/iscsi_target_parameters.c in the iSCSI
  target subsystem in the Linux kernel through 3.9.4 allows remote
  attackers to cause a denial of service (memory corruption and OOPS) or
  possibly execute arbitrary code via a long key that is not properly
  handled during construction of an error-response packet. A reproduction
  case requires patching open-iscsi to send overly large keys. Performing
  discovery in a loop will Oops the remote server. Attached is a proposed
  fix, and the patch I used in open-iscsi to trigger it. Thanks in advance
  for your cooperation in coordinating a fix for this issue,
  
- Break-Fix: e48354ce078c079996f89d715dfa44814b4eba01 local-2013-2850
+ Break-Fix: e48354ce078c079996f89d715dfa44814b4eba01
+ cea4dcfdad926a27a18e188720efe0f2c9403456

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1185990

Title:
  CVE-2013-2850

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
