kernel-packages team mailing list archive

Thread
Date
[Bug 1185990] Re: CVE-2013-2850

To: kernel-packages@xxxxxxxxxxxxxxxxxxx
From: Tim Gardner <tim.gardner@xxxxxxxxxxxxx>
Date: Thu, 26 Jun 2014 19:47:55 -0000
Reply-to: Bug 1185990 <1185990@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
** Description changed:

  Heap-based buffer overflow in the iscsi_add_notunderstood_response
  function in drivers/target/iscsi/iscsi_target_parameters.c in the iSCSI
  target subsystem in the Linux kernel through 3.9.4 allows remote
  attackers to cause a denial of service (memory corruption and OOPS) or
  possibly execute arbitrary code via a long key that is not properly
  handled during construction of an error-response packet. A reproduction
  case requires patching open-iscsi to send overly large keys. Performing
  discovery in a loop will Oops the remote server. Attached is a proposed
  fix, and the patch I used in open-iscsi to trigger it. Thanks in advance
  for your cooperation in coordinating a fix for this issue,
  
- Break-Fix: e48354ce078c079996f89d715dfa44814b4eba01 local-2013-2850
+ Break-Fix: e48354ce078c079996f89d715dfa44814b4eba01
+ cea4dcfdad926a27a18e188720efe0f2c9403456

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-armadaxp in Ubuntu.
https://bugs.launchpad.net/bugs/1185990

Title:
  CVE-2013-2850

Status in “linux” package in Ubuntu:
  Confirmed
Status in “linux-armadaxp” package in Ubuntu:
  Invalid
Status in “linux-ec2” package in Ubuntu:
  Invalid
Status in “linux-fsl-imx51” package in Ubuntu:
  Invalid
Status in “linux-lts-backport-maverick” package in Ubuntu:
  Invalid
Status in “linux-lts-backport-natty” package in Ubuntu:
  Invalid
Status in “linux-lts-backport-oneiric” package in Ubuntu:
  Invalid
Status in “linux-lts-quantal” package in Ubuntu:
  Invalid
Status in “linux-lts-raring” package in Ubuntu:
  Invalid
Status in “linux-mvl-dove” package in Ubuntu:
  Invalid
Status in “linux-ti-omap4” package in Ubuntu:
  Fix Committed
Status in “linux” source package in Lucid:
  Invalid
Status in “linux-armadaxp” source package in Lucid:
  Invalid
Status in “linux-ec2” source package in Lucid:
  Invalid
Status in “linux-fsl-imx51” source package in Lucid:
  Invalid
Status in “linux-lts-backport-maverick” source package in Lucid:
  Invalid
Status in “linux-lts-backport-natty” source package in Lucid:
  Invalid
Status in “linux-lts-backport-oneiric” source package in Lucid:
  Invalid
Status in “linux-lts-quantal” source package in Lucid:
  Invalid
Status in “linux-lts-raring” source package in Lucid:
  Invalid
Status in “linux-mvl-dove” source package in Lucid:
  Invalid
Status in “linux-ti-omap4” source package in Lucid:
  Invalid
Status in “linux” source package in Precise:
  Fix Released
Status in “linux-armadaxp” source package in Precise:
  Fix Released
Status in “linux-ec2” source package in Precise:
  Invalid
Status in “linux-fsl-imx51” source package in Precise:
  Invalid
Status in “linux-lts-backport-maverick” source package in Precise:
  Invalid
Status in “linux-lts-backport-natty” source package in Precise:
  Invalid
Status in “linux-lts-backport-oneiric” source package in Precise:
  Invalid
Status in “linux-lts-quantal” source package in Precise:
  Fix Released
Status in “linux-lts-raring” source package in Precise:
  Fix Released
Status in “linux-mvl-dove” source package in Precise:
  Invalid
Status in “linux-ti-omap4” source package in Precise:
  Fix Committed
Status in “linux” source package in Quantal:
  Fix Released
Status in “linux-armadaxp” source package in Quantal:
  Fix Released
Status in “linux-ec2” source package in Quantal:
  Invalid
Status in “linux-fsl-imx51” source package in Quantal:
  Invalid
Status in “linux-lts-backport-maverick” source package in Quantal:
  Invalid
Status in “linux-lts-backport-natty” source package in Quantal:
  Invalid
Status in “linux-lts-backport-oneiric” source package in Quantal:
  Invalid
Status in “linux-lts-quantal” source package in Quantal:
  Invalid
Status in “linux-lts-raring” source package in Quantal:
  Invalid
Status in “linux-mvl-dove” source package in Quantal:
  Invalid
Status in “linux-ti-omap4” source package in Quantal:
  Fix Committed
Status in “linux” source package in Raring:
  Fix Released
Status in “linux-armadaxp” source package in Raring:
  Invalid
Status in “linux-ec2” source package in Raring:
  Invalid
Status in “linux-fsl-imx51” source package in Raring:
  Invalid
Status in “linux-lts-backport-maverick” source package in Raring:
  Invalid
Status in “linux-lts-backport-natty” source package in Raring:
  Invalid
Status in “linux-lts-backport-oneiric” source package in Raring:
  Invalid
Status in “linux-lts-quantal” source package in Raring:
  Invalid
Status in “linux-lts-raring” source package in Raring:
  Invalid
Status in “linux-mvl-dove” source package in Raring:
  Invalid
Status in “linux-ti-omap4” source package in Raring:
  Won't Fix
Status in “linux” source package in Saucy:
  Confirmed
Status in “linux-armadaxp” source package in Saucy:
  Invalid
Status in “linux-ec2” source package in Saucy:
  Invalid
Status in “linux-fsl-imx51” source package in Saucy:
  Invalid
Status in “linux-lts-backport-maverick” source package in Saucy:
  Invalid
Status in “linux-lts-backport-natty” source package in Saucy:
  Invalid
Status in “linux-lts-backport-oneiric” source package in Saucy:
  Invalid
Status in “linux-lts-quantal” source package in Saucy:
  Invalid
Status in “linux-lts-raring” source package in Saucy:
  Invalid
Status in “linux-mvl-dove” source package in Saucy:
  Invalid
Status in “linux-ti-omap4” source package in Saucy:
  Fix Committed

Bug description:
  Heap-based buffer overflow in the iscsi_add_notunderstood_response
  function in drivers/target/iscsi/iscsi_target_parameters.c in the
  iSCSI target subsystem in the Linux kernel through 3.9.4 allows remote
  attackers to cause a denial of service (memory corruption and OOPS) or
  possibly execute arbitrary code via a long key that is not properly
  handled during construction of an error-response packet. A
  reproduction case requires patching open-iscsi to send overly large
  keys. Performing discovery in a loop will Oops the remote server.
  Attached is a proposed fix, and the patch I used in open-iscsi to
  trigger it. Thanks in advance for your cooperation in coordinating a
  fix for this issue,

  Break-Fix: e48354ce078c079996f89d715dfa44814b4eba01
  cea4dcfdad926a27a18e188720efe0f2c9403456

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1185990/+subscriptions