heap buffer overflow on large key error for RHEL 4 servers vulnerable (CVE-2013-2850)

Solution Unverified - Updated -

Issue

CVE-2013-2850 Details

The MITRE CVE dictionary describes this issue as:
Heap-based buffer overflow in the iscsi_add_notunderstood_response function in drivers/target/iscsi/iscsi_target_parameters.c in the iSCSI target subsystem in the Linux kernel through 3.9.4 allows remote attackers to cause a denial of service (memory corruption and OOPS) or possibly execute arbitrary code via a long key that is not properly handled during construction of an error-response packet.

Environment

  • Red Hat Enterprise Linux
  • iSCSI target
