CVE-2017-17840

EUVD-2017-8987

27.12.2017, 17:08

An issue was discovered in Open-iSCSI through 2.0.875. A local attacker can cause the iscsiuio server to abort or potentially execute code by sending messages with incorrect lengths, which (due to lack of checking) can lead to buffer overflows, and result in aborts (with overflow checking enabled) or code execution. The process_iscsid_broadcast function in iscsiuio/src/unix/iscsid_ipc.c does not validate the payload length before a write operation.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.8 HIGH	LOCAL	LOW	LOW	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 36%

Affected Products (NVD)

Vendor	Product	Version
open-iscsi_project	open-iscsi	𝑥 ≤ 2.0.875

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

open-iscsi

bookworm	2.1.8-1 fixed
bullseye	2.1.3-5 fixed
jessie	ignored
sid	2.1.10-1 fixed
stretch	no-dsa
trixie	2.1.10-1 fixed
wheezy	not-affected

Ubuntu Releases

Ubuntu Product

Codename

open-iscsi

artful	ignored
bionic	not-affected
cosmic	not-affected
trusty	not-affected
xenial	not-affected
zesty	not-affected

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

http://www.openwall.com/lists/oss-security/2017/12/13/2

https://bugzilla.opensuse.org/show_bug.cgi?id=1072312

http://www.openwall.com/lists/oss-security/2017/12/13/2

https://bugzilla.opensuse.org/show_bug.cgi?id=1072312