heap buffer overflow on large key error for RHEL 4 servers vulnerable(CVE-2013-2850)
Issue
CVE-2013-2850 Details
The MITRE CVE dictionary describes this issue as:
Heap-based buffer overflow in the iscsi_add_notunderstood_response function in drivers/target/iscsi/iscsi_target_parameters.c in the iSCSI target subsystem in the Linux kernel through 3.9.4 allows remote attackers to cause a denial of service (memory corruption and OOPS) or possibly execute arbitrary code via a long key that is not properly handled during construction of an error-response packet.
Environment
- Red Hat Enterprise Linux
- iSCSI target
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
