CVE-2017-17840

Name: CVE-2017-17840
Description: An issue was discovered in Open-iSCSI through 2.0.875. A local attacker can cause the iscsiuio server to abort or potentially execute code by sending messages with incorrect lengths, which (due to lack of checking) can lead to buffer overflows, and result in aborts (with overflow checking enabled) or code execution. The process_iscsid_broadcast function in iscsiuio/src/unix/iscsid_ipc.c does not validate the payload length before a write operation.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs: 885021

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| open-iscsi (PTS) | buster | 2.0.874-7.1 | fixed |
| | bullseye | 2.1.3-5 | fixed |
| | bookworm | 2.1.8-1 | fixed |
| | sid, trixie | 2.1.9-3 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| open-iscsi | source | wheezy | (not affected) | | | |
| open-iscsi | source | (unstable) | 2.0.874-5 | | | 885021 |

Notes

[stretch] - open-iscsi <no-dsa> (Minor issue)
[jessie] - open-iscsi <ignored> (Minor issue, iscsiuio not built in this version, source affected)
[wheezy] - open-iscsi <not-affected> (Vulnerable code not present)
https://www.openwall.com/lists/oss-security/2017/12/13/2
https://bugzilla.opensuse.org/show_bug.cgi?id=1072312
Specific CVE fixed by https://github.com/open-iscsi/open-iscsi/pull/72/commits/b9c33683bdc0aed28ffe31c3f3d50bf5cdf519ea
But all of the commits in https://github.com/open-iscsi/open-iscsi/pull/72
should be applied.
Not marking the issue as unimportant, since vulnerable source is present, but
not in all suites iscsiuio is built.
