First published: Thu Jul 27 2023(Updated: )
Jos Wetzels, Stanislav Dashevskyi, and Amine Amri discovered that Open-iSCSI incorrectly handled certain checksums for IP packets. An attacker could possibly use this issue to expose sensitive information. (CVE-2020-13987) Jos Wetzels, Stanislav Dashevskyi, Amine Amri discovered that Open-iSCSI incorrectly handled certain parsing TCP MSS options. An attacker could possibly use this issue to cause a crash or cause unexpected behavior. (CVE-2020-13988) Amine Amri and Stanislav Dashevskyi discovered that Open-iSCSI incorrectly handled certain TCP data. An attacker could possibly use this issue to expose sensitive information. (CVE-2020-17437)
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
ubuntu/open-iscsi | <2.0.874-7.1ubuntu6.4 | 2.0.874-7.1ubuntu6.4 |
=20.04 | ||
All of | ||
ubuntu/open-iscsi | <2.0.874-5ubuntu2.11+esm1 | 2.0.874-5ubuntu2.11+esm1 |
=18.04 | ||
All of | ||
ubuntu/open-iscsi | <2.0.873+git0.3b4b4500-14ubuntu3.7+esm1 | 2.0.873+git0.3b4b4500-14ubuntu3.7+esm1 |
=16.04 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Contains the following vulnerabilities)
The vulnerability ID for this Open-iSCSI vulnerability is CVE-2020-13987.
The severity of the Open-iSCSI vulnerability is not mentioned in the information provided.
An attacker can exploit the Open-iSCSI vulnerability by using the incorrect handling of certain checksums for IP packets to expose sensitive information.
Open-iSCSI versions 2.0.874-7.1ubuntu6.4, 2.0.874-5ubuntu2.11+esm1, and 2.0.873+git0.3b4b4500-14ubuntu3.7+esm1 are affected by this vulnerability.
To fix the Open-iSCSI vulnerability, update the open-iscsi package to versions 2.0.874-7.1ubuntu6.4, 2.0.874-5ubuntu2.11+esm1, or 2.0.873+git0.3b4b4500-14ubuntu3.7+esm1, depending on your Ubuntu version.