Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2013-2850
HistoryMay 30, 2013 - 12:00 a.m.

CVE-2013-2850

2013-05-3000:00:00
ubuntu.com
ubuntu.com
10

7.9 High

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:M/Au:N/C:C/I:C/A:C

0.033 Low

EPSS

Percentile

91.4%

JSON

Heap-based buffer overflow in the iscsi_add_notunderstood_response function
in drivers/target/iscsi/iscsi_target_parameters.c in the iSCSI target
subsystem in the Linux kernel through 3.9.4 allows remote attackers to
cause a denial of service (memory corruption and OOPS) or possibly execute
arbitrary code via a long key that is not properly handled during
construction of an error-response packet.
A reproduction case requires patching open-iscsi to send overly large
keys. Performing discovery in a loop will Oops the remote server.
Attached is a proposed fix, and the patch I used in open-iscsi to trigger
it. Thanks in advance for your cooperation in coordinating a fix for
this issue,

Bugs

Notes

Author Note
jjohansen Patch not yet upstream

Related

nessus 16
suse 4
checkpoint_advisories 1
prion 1
ubuntu 8
openvas 60
cve 1
nvd 1
fedora 15
cvelist 1
debiancve 1
securityvulns 3
seebug 1
mageia 9
veracode 10
redhat 1
oraclelinux 1
nessus
nessus
SuSE 11.2 Security Update : Linux kernel (SAT Patch Numbers 7763 / 7766 / 7767)
2013-06-02 00:00:00
Ubuntu 12.04 LTS : linux vulnerability (USN-1844-1)
2013-05-31 00:00:00
openSUSE Security Update : kernel (openSUSE-SU-2013:1043-1)
2014-06-13 00:00:00
suse
suse
kernel (critical)
2013-06-19 11:05:52
kernel (critical)
2013-06-13 10:04:11
Security update for Linux kernel (critical)
2013-05-31 15:04:12
checkpoint_advisories
checkpoint_advisories
Linux Kernel iscsi_add_notunderstood_response Heap Buffer Overflow (CVE-2013-2850)
2013-06-24 00:00:00
prion
prion
Heap overflow
2013-06-07 14:03:00
ubuntu
ubuntu
Linux kernel vulnerability
2013-05-30 00:00:00
Linux kernel (Quantal HWE) vulnerability
2013-05-30 00:00:00
Linux kernel vulnerability
2013-05-30 00:00:00
openvas
openvas
openSUSE: Security Advisory for kernel (openSUSE-SU-2013:1043-1)
2013-12-10 00:00:00
Ubuntu Update for linux USN-1846-1
2013-05-31 00:00:00
Ubuntu Update for linux USN-1847-1
2013-05-31 00:00:00
cve
cve
CVE-2013-2850
2013-06-07 14:03:19
nvd
nvd
CVE-2013-2850
2013-06-07 14:03:19
fedora
fedora
[SECURITY] Fedora 19 Update: kernel-3.9.4-301.fc19
2013-06-07 04:33:21
[SECURITY] Fedora 18 Update: kernel-3.9.5-201.fc18
2013-06-13 06:05:52
[SECURITY] Fedora 18 Update: kernel-3.9.9-201.fc18
2013-07-12 03:11:58
cvelist
cvelist
CVE-2013-2850
2013-06-07 10:00:00
debiancve
debiancve
CVE-2013-2850
2013-06-07 14:03:19
securityvulns
securityvulns
[USN-1844-1] Linux kernel vulnerability
2013-06-03 00:00:00
[ MDVSA-2013:194 ] kernel
2013-07-15 00:00:00
Linux kernel security vulnerabilities
2013-07-15 00:00:00
seebug
seebug
Linux Kernel "iscsi_add_notunderstood_response()"ηΌ“ε†²εŒΊζΊ’ε‡ΊζΌζ΄ž
2013-06-03 00:00:00
mageia
mageia
Updated kernel-linus package fixes multiple security vulnerabilities
2013-07-16 12:05:14
Updated kernel-linus package fixes security issues
2013-07-16 11:32:10
Updated kernel packages fix multiple security vulnerabilities
2013-07-06 18:25:03
veracode
veracode
Privilege Escalation
2019-05-02 04:52:19
Denial Of Service (DoS)
2019-05-02 04:52:19
Privilege Escalation
2019-05-02 04:52:19
redhat
redhat
(RHSA-2013:1264) Important: kernel-rt security and bug fix update
2013-09-16 00:00:00
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security and bug fix update (Unbreakable Enterprise Kernel Release 3 QU1)
2014-02-11 00:00:00

7.9 High

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:M/Au:N/C:C/I:C/A:C

0.033 Low

EPSS

Percentile

91.4%

JSON
Related for UB:CVE-2013-2850
nessus16suse4checkpoint_advisories1prion1ubuntu8openvas60cve1nvd1fedora15cvelist1debiancve1securityvulns3seebug1mageia9veracode10redhat1oraclelinux1