Description: An issue was discovered in Open-iSCSI through 2.0.875. A local attacker can cause the iscsiuio server to abort or potentially execute code by sending messages with incorrect lengths, which (due to lack of checking) can lead to buffer overflows, and result in aborts (with overflow checking enabled) or code execution. The process_iscsid_broadcast function in iscsiuio/src/unix/iscsid_ipc.c does not validate the payload length before a write operation.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severity: medium (attack range: local)
Debian Bugs: 885021

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| open-iscsi (PTS) | jessie | 2.0.873+git0.3b4b4500-8+deb8u2 | vulnerable |
| | buster, sid | 2.0.874-7.1 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| open-iscsi | source | wheezy | (not affected) | | | |


[stretch] - open-iscsi <no-dsa> (Minor issue)
[jessie] - open-iscsi <ignored> (Minor issue, iscsiuio not built in this version, source affected)
[wheezy] - open-iscsi <not-affected> (Vulnerable code not present)
Specific CVE fixed by
But all of the commits in
should be applied.
Not marking the issue as unimportant, since vulnerable source is present, but
not in all suites iscsiuio is built.
