Linux Kernel "iscsi_add_notunderstood_response()" Buffer Overflow Vulnerability
Linux Kernel 3.0.x
Linux Kernel 3.2.x
Linux Kernel 3.4.x
Linux Kernel 3.9.x
A vulnerability has been reported in the Linux Kernel.
The vulnerability is caused by a boundary error within the "iscsi_add_notunderstood_response()" function (drivers/target/iscsi/iscsi_target_parameters.c) when parsing keys and can be exploited to cause a heap-based buffer overflow by sending overly long keys.
Successful exploitation requires that the iSCSI target is configured to listen on the network.
A remote attacker could use this flaw to escalate their privileges on the system.
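
The class of boundary check that the key parsing described above needs, shown as an added example; it is not code from the kernel or from this advisory. KEY_MAXLEN, struct extra_response and the function names are assumptions made for illustration, and the input is constructed.

```c
#include <stddef.h>
#include <string.h>
#define KEY_MAXLEN 64                 /* assumed key buffer size, NUL included */

struct extra_response {               /* hypothetical reply record */
    char key[KEY_MAXLEN];
    char value[16];
};

/* Store one key=NotUnderstood reply. The bound is the destination size,
 * never the length of the peer-supplied key. */
static int add_notunderstood(struct extra_response *er, const char *key, size_t klen)
{
    if (klen == 0 || klen >= KEY_MAXLEN) return -1;   /* reject, do not truncate */
    memcpy(er->key, key, klen);
    er->key[klen] = '\0';
    strcpy(er->value, "NotUnderstood");   /* 13 chars + NUL fits value[16] */
    return 0;
}

/* Walk NUL-terminated "key=value" pairs in buf[0..len).
 * Returns the number of records written, or -1 on malformed/oversized input. */
static int collect_keys(const char *buf, size_t len,
                        struct extra_response *out, size_t max_out)
{
    size_t off = 0, n = 0;
    while (off < len) {
        const char *pair = buf + off;
        const char *end = memchr(pair, '\0', len - off);
        if (end == NULL) return -1;               /* unterminated pair */
        if (end == pair) { off++; continue; }     /* skip NUL padding */
        const char *eq = memchr(pair, '=', (size_t)(end - pair));
        if (eq == NULL || n == max_out) return -1;
        if (add_notunderstood(&out[n], pair, (size_t)(eq - pair)) != 0)
            return -1;
        n++;
        off += (size_t)(end - pair) + 1;
    }
    return (int)n;
}

/* Constructed input: a key of n 'A' bytes followed by "=x". */
static int demo_keylen(size_t n)
{
    char pdu[256];
    struct extra_response out[1];
    if (n > sizeof(pdu) - 3) return -2;
    memset(pdu, 'A', n);
    memcpy(pdu + n, "=x", 3);                     /* "=x" and its NUL */
    return collect_keys(pdu, n + 3, out, 1);
}
```

A 63-byte key is the longest that fits the assumed 64-byte buffer; anything longer fails the parse instead of being copied.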