Emmanuel Bouillon reported a double-free flaw in scsi-target-utils that could cause the tgtd daemon to crash with memory corruption on receipt of certain network traffic, leading to a denial of service condition.
Acknowledgements: Red Hat would like to thank Emmanuel Bouillon of NATO C3 Agency for reporting this issue.
Adding upstream; have forwarded to him the details.
Created attachment 473779: fix the buffer overflow bug before iscsi login
I can confirm this patch fixes the problem.
Verified for async errata.
Did this fix ever make it upstream? My records show it's still embargoed.
Can I merge this fix into the public tree? I've been waiting for someone at Red Hat to let me know the day when I can make this public.
An unembargo date was never negotiated as far as I can recall. Perhaps we could set a date for next week, perhaps Wednesday or Thursday (the 9th or 10th)?
Either is fine by me.
Dear all,
If you ever happen to include an acknowledgement, please also mention my employer: NATO C3 Agency.
B.R.
Emmanuel Bouillon
(In reply to comment #11)
> If you ever happen to include an acknowledgement, please also mention my
> employer: NATO C3 Agency.
Thank you for that, we will certainly do so. In terms of disclosure, let's make it for this coming Wednesday (March 9th) at 14:00 EST. Does that sound good?
Sounds good to me. I'll merge the fix into the public git tree after the time.
Perfect. Thank you!
This is now public, so upstream merges can take place any time now: http://svn.debian.org/wsvn/kernel/dists/trunk/tgt/debian/patches/CVE-2011-0001
This issue has been addressed in the following products:
  Red Hat Enterprise Linux 5
  Red Hat Enterprise Linux 6
Via RHSA-2011:0332 https://rhn.redhat.com/errata/RHSA-2011-0332.html