First published: Tue May 28 2013(Updated: )
A flaw was found in the way Linux kernel's iSCSI target processed large keys. If a key was larger than 64 bytes, as checked by iscsi_check_key(), the error response packet, generated by iscsi_add_notunderstood_response(), would still attempt to copy the entire key into the packet, overflowing the structure on the heap. A remote attacker could use this flaw to escalate their privileges on the system. Acknowledgements: Red Hat would like to thank Kees Cook for reporting this issue.
Affected Software | Affected Version | How to fix |
---|---|---|
Red Hat Linux |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
REDHAT-BUG-968036 is classified as a high-severity vulnerability affecting the Linux kernel's iSCSI target.
To fix REDHAT-BUG-968036, apply the latest updates to the Red Hat Linux kernel that address the vulnerability.
REDHAT-BUG-968036 affects systems running the Red Hat Linux kernel that utilize the iSCSI target feature.
REDHAT-BUG-968036 is a buffer overflow vulnerability caused by improper handling of large keys in the iSCSI target.
Yes, if unpatched, REDHAT-BUG-968036 could potentially be exploited remotely by attackers to cause denial of service or other malicious actions.