kernel: code execution [LWN.net]

Package(s):

Linux kernel

CVE #(s):

CVE-2013-2850

Created:

May 31, 2013

Updated:

July 1, 2013

Description:

From the SUSE advisory:

CVE-2013-2850: Incorrect strncpy usage in the network listening part of the iscsi target driver could have been used by remote attackers to crash the kernel or execute code.

This required the iscsi target running on the machine and the attacker able to make a network connection to it (aka not filtered by firewalls).

Alerts:

SUSE	SUSE-SU-2013:0845-1	2013-05-31
Ubuntu	USN-1844-1	2013-05-30
Ubuntu	USN-1845-1	2013-05-30
Ubuntu	USN-1846-1	2013-05-30
Ubuntu	USN-1847-1	2013-05-30
Fedora	FEDORA-2013-10695	2013-06-13
openSUSE	openSUSE-SU-2013:1005-1	2013-06-13
Ubuntu	USN-1879-1	2013-06-14
Ubuntu	USN-1882-1	2013-06-14
Ubuntu	USN-1883-1	2013-06-14
openSUSE	openSUSE-SU-2013:1043-1	2013-06-19
openSUSE	openSUSE-SU-2013:1042-1	2013-06-19
openSUSE	openSUSE-SU-2013:1045-1	2013-06-19
CentOS	CESA-2013:0620	2013-06-21
Fedora	FEDORA-2013-9123	2013-07-01
Mageia	MGASA-2013-0203	2013-07-06
Mageia	MGASA-2013-0204	2013-07-09
Mageia	MGASA-2013-0210	2013-07-16
Mageia	MGASA-2013-0214	2013-07-16
Mageia	MGASA-2013-0211	2013-07-16
Mageia	MGASA-2013-0215	2013-07-16
Mageia	MGASA-2013-0209	2013-07-16
Mageia	MGASA-2013-0213	2013-07-16
Mageia	MGASA-2013-0212	2013-07-16
Mandriva	MDVSA-2013:194	2013-07-11
Red Hat	RHSA-2013:1264-01	2013-09-16

(Log in to post comments)

kernel: code execution

Posted Jun 6, 2013 14:54 UTC (Thu) by nix (subscriber, #2304) [Link]

There's NFS too (heck, that migrated into the kernel, many years ago, and everyone applauded because it worked much better in there than ever before).

kernel: code execution

Posted Jun 6, 2013 15:03 UTC (Thu) by justincormack (subscriber, #70439) [Link]

We got rid of tux though!