| Name | CVE-2017-17840 |
| Description | An issue was discovered in Open-iSCSI through 2.0.875. A local attacker can cause the iscsiuio server to abort or potentially execute code by sending messages with incorrect lengths, which (due to lack of checking) can lead to buffer overflows, and result in aborts (with overflow checking enabled) or code execution. The process_iscsid_broadcast function in iscsiuio/src/unix/iscsid_ipc.c does not validate the payload length before a write operation. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| Debian Bugs | 885021 |
Vulnerable and fixed packages
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|
| open-iscsi (PTS) | bullseye | 2.1.3-5 | fixed |
| bookworm | 2.1.8-1 | fixed |
| sid, trixie | 2.1.10-1 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|
| open-iscsi | source | wheezy | (not affected) | | | |
| open-iscsi | source | (unstable) | 2.0.874-5 | | | 885021 |
Notes
[stretch] - open-iscsi <no-dsa> (Minor issue)
[jessie] - open-iscsi <ignored> (Minor issue, iscsiuio not built in this version, source affected)
[wheezy] - open-iscsi <not-affected> (Vulnerable code not present)
https://www.openwall.com/lists/oss-security/2017/12/13/2
https://bugzilla.opensuse.org/show_bug.cgi?id=1072312
Specfic CVE fixed by https://github.com/open-iscsi/open-iscsi/pull/72/commits/b9c33683bdc0aed28ffe31c3f3d50bf5cdf519ea
But all of the commits in https://github.com/open-iscsi/open-iscsi/pull/72
should be applied.
Not marking the issue as unimportant, since vulnerable source is present, but
not in all suites iscsiuio is built.