Date: Sat, 1 Jun 2013 09:54:01 -0700 From: Kees Cook <keescook@...omium.org> To: oss-security@...ts.openwall.com Subject: CVE-2013-2850: Linux kernel iSCSI target heap overflow I found an unauthenticated remote heap buffer overflow in the Linux iSCSI target subsystem. If there is a target configured and listening on the network, a remote attacker can corrupt heap memory, and almost certainly gain kernel execution control. I only got as far as proving it could Oops the server. It has been fixed in the upstream iscsi tree: http://git.kernel.org/cgit/linux/kernel/git/nab/target-pending.git/commit/?id=cea4dcfdad926a27a18e188720efe0f2c9403456 A follow-up has been posted fixing similar anti-pattern uses of strncpy(dst, src, strlen(src)) in the rest of the kernel: https://lkml.org/lkml/2013/5/31/406 Thanks, -Kees -- Kees Cook Chrome OS Security
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ