Bug 1899502 (CVE-2020-13988) - CVE-2020-13988 Open-iSCSI: counter wraparound resulting in infinite loop
Summary: CVE-2020-13988 Open-iSCSI: counter wraparound resulting in infinite loop
Keywords:
Status: CLOSED WONTFIX
Alias: CVE-2020-13988
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1899975 1899976 1909057 1910570
Blocks: 1881303
TreeView+ depends on / blocked
 
Reported: 2020-11-19 12:33 UTC by Cedric Buissart
Modified: 2024-03-25 17:09 UTC (History)
6 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2021-10-29 06:56:31 UTC
Embargoed:

Attachments (Terms of Use)

Description Cedric Buissart 2020-11-19 12:33:45 UTC 
Input validity was not checked in uIP (Micro IP) IPv4 TCP options parsing.

The function that parses the TCP MSS option does not check the validity of the length field of this option, allowing attackers to put it into an infinite loop, when arbitrary TCP MSS values are supplied.

listed potential impact: DoS by infinite loop
Comment 2 Cedric Buissart 2020-12-10 10:32:36 UTC 
External References:

https://www.forescout.com/company/resources/amnesia33-how-tcp-ip-stacks-breed-critical-vulnerabilities-in-iot-ot-and-it-devices/
Comment 3 Cedric Buissart 2020-12-10 16:27:10 UTC 
In Red Hat Enterprise Linux, uIP is used in the iscsiuio command, provided by iscsi-initiator-utils.

In RHEL, the command is used for connecting to an iSCSI NAS. It is expected that the attacker is a Person in the Middle, between the NAS and the RHEL machine.
As a consequence, this issue is currently rated Low.
Comment 4 Cedric Buissart 2020-12-18 09:10:57 UTC 
Created iscsi-initiator-utils tracking bugs for this issue:

Affects: fedora-all [bug 1909057]
Note You need to log in before you can comment on or make changes to this bug.