CVE-2017-17840

Name: CVE-2017-17840
Description: An issue was discovered in Open-iSCSI through 2.0.875. A local attacker can cause the iscsiuio server to abort or potentially execute code by sending messages with incorrect lengths, which (due to lack of checking) can lead to buffer overflows, and result in aborts (with overflow checking enabled) or code execution. The process_iscsid_broadcast function in iscsiuio/src/unix/iscsid_ipc.c does not validate the payload length before a write operation.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severity: medium (attack range: local)
Debian Bugs: 885021

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| open-iscsi (PTS) | jessie | 2.0.873+git0.3b4b4500-8+deb8u2 | vulnerable |
| | stretch | 2.0.874-3~deb9u1 | vulnerable |
| | buster, sid | 2.0.874-7.1 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| open-iscsi | source | (unstable) | 2.0.874-5 | medium | | 885021 |
| open-iscsi | source | wheezy | (not affected) | | | |

Notes

[stretch] - open-iscsi <no-dsa> (Minor issue)
[jessie] - open-iscsi <ignored> (Minor issue, iscsiuio not built in this version, source affected)
[wheezy] - open-iscsi <not-affected> (Vulnerable code not present)
http://www.openwall.com/lists/oss-security/2017/12/13/2
https://bugzilla.opensuse.org/show_bug.cgi?id=1072312
Specific CVE fixed by https://github.com/open-iscsi/open-iscsi/pull/72/commits/b9c33683bdc0aed28ffe31c3f3d50bf5cdf519ea
But all of the commits in https://github.com/open-iscsi/open-iscsi/pull/72
should be applied.
Not marking the issue as unimportant, since vulnerable source is present, but
iscsiuio is not built in all suites.
