Bug 1899855 (CVE-2020-17437) - CVE-2020-17437 Open-iSCSI: invalid handing of the TCP urgent data pointer
Summary: CVE-2020-17437 Open-iSCSI: invalid handing of the TCP urgent data pointer
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2020-17437
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1899973 1899978 1909061 1910569
Blocks: 1881303
TreeView+ depends on / blocked
 
Reported: 2020-11-20 09:03 UTC by Cedric Buissart
Modified: 2021-10-29 06:59 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-10-29 06:59:30 UTC


Attachments (Terms of Use)

Description Cedric Buissart 2020-11-20 09:03:07 UTC
A missing boundary check was found in uIP (Micro IP) TCP packet processing

When handling TCP Urgent data, there are no sanity checks for the value of the Urgent data pointer, allowing attackers to corrupt memory by supplying arbitrary Urgent data pointer offsets within TCP packets.

Listed potential impact: DoS

Comment 4 Cedric Buissart 2020-12-10 16:27:16 UTC
In Red Hat Enterprise Linux, uIP is used in the iscsiuio command, provided by iscsi-initiator-utils.

In RHEL, the command is used for connecting to an iSCSI NAS. It is expected that the attacker is a Person in the Middle, between the NAS and the RHEL machine.
As a consequence, this issue is currently rated Low.

Comment 6 Cedric Buissart 2020-12-18 09:13:45 UTC
Created iscsi-initiator-utils tracking bugs for this issue:

Affects: fedora-all [bug 1909061]


Note You need to log in before you can comment on or make changes to this bug.