CVE-2013-2850

HIGH
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Heap-based buffer overflow in the iscsi_add_notunderstood_response function in drivers/target/iscsi/iscsi_target_parameters.c in the iSCSI target subsystem in the Linux kernel through 3.9.4 allows remote attackers to cause a denial of service (memory corruption and OOPS) or possibly execute arbitrary code via a long key that is not properly handled during construction of an error-response packet.

References

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=cea4dcfdad926a27a18e188720efe0f2c9403456

http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00017.html

http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00011.html

http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00017.html

http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00018.html

http://www.openwall.com/lists/oss-security/2013/06/01/2

http://www.ubuntu.com/usn/USN-1844-1

http://www.ubuntu.com/usn/USN-1845-1

http://www.ubuntu.com/usn/USN-1846-1

http://www.ubuntu.com/usn/USN-1847-1

https://bugzilla.redhat.com/show_bug.cgi?id=968036

https://github.com/torvalds/linux/commit/cea4dcfdad926a27a18e188720efe0f2c9403456

Details

Source: MITRE

Published: 2013-06-07

Updated: 2013-12-05

Type: CWE-119

Risk Information

CVSS v2

Base Score: 7.9

Vector: AV:A/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 5.5

Severity: HIGH

Tenable Plugins

View all (16 total)

IDNameProductFamilySeverity
99163OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0057) (Dirty COW)NessusOracleVM Local Security Checks
critical
76665RHEL 6 : MRG (RHSA-2013:1264)NessusRed Hat Local Security Checks
high
75184openSUSE Security Update : kernel (openSUSE-SU-2013:1619-1)NessusSuSE Local Security Checks
high
75049openSUSE Security Update : kernel (openSUSE-SU-2013:1043-1)NessusSuSE Local Security Checks
high
75048openSUSE Security Update : kernel (openSUSE-SU-2013:1042-1)NessusSuSE Local Security Checks
high
75024openSUSE Security Update : kernel (openSUSE-SU-2013:1005-1)NessusSuSE Local Security Checks
high
72472Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2014-3002)NessusOracle Linux Local Security Checks
high
67351Fedora 17 : kernel-3.9.8-100.fc17 (2013-9123)NessusFedora Local Security Checks
high
67285Fedora 18 : kernel-3.9.5-201.fc18 (2013-10695)NessusFedora Local Security Checks
high
67264Fedora 19 : kernel-3.9.4-301.fc19 (2013-10050)NessusFedora Local Security Checks
high
67254Mandriva Linux Security Advisory : kernel (MDVSA-2013:194)NessusMandriva Local Security Checks
high
66742SuSE 11.2 Security Update : Linux kernel (SAT Patch Numbers 7763 / 7766 / 7767)NessusSuSE Local Security Checks
high
66715Ubuntu 13.04 : linux vulnerability (USN-1847-1)NessusUbuntu Local Security Checks
high
66714Ubuntu 12.10 : linux vulnerability (USN-1846-1)NessusUbuntu Local Security Checks
high
66713Ubuntu 12.04 LTS : linux-lts-quantal vulnerability (USN-1845-1)NessusUbuntu Local Security Checks
high
66712Ubuntu 12.04 LTS : linux vulnerability (USN-1844-1)NessusUbuntu Local Security Checks
high