Описание
Multiple buffer overflows in the iSNS implementation in isns.c in (1) Linux SCSI target framework (aka tgt or scsi-target-utils) before 1.0.6, (2) iSCSI Enterprise Target (aka iscsitarget or IET) 1.4.20.1 and earlier, and (3) Generic SCSI Target Subsystem for Linux (aka SCST or iscsi-scst) 1.0.1.1 and earlier allow remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via (a) a long iSCSI Name string in an SCN message or (b) an invalid PDU.
Multiple buffer overflows in the iSNS implementation in isns.c in (1) Linux SCSI target framework (aka tgt or scsi-target-utils) before 1.0.6, (2) iSCSI Enterprise Target (aka iscsitarget or IET) 1.4.20.1 and earlier, and (3) Generic SCSI Target Subsystem for Linux (aka SCST or iscsi-scst) 1.0.1.1 and earlier allow remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via (a) a long iSCSI Name string in an SCN message or (b) an invalid PDU.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2010-2221
- https://access.redhat.com/errata/RHSA-2010:0518
- https://access.redhat.com/security/cve/CVE-2010-2221
- https://bugzilla.redhat.com/show_bug.cgi?id=593877
- http://archives.neohapsis.com/archives/bugtraq/2010-07/0022.html
- http://archives.neohapsis.com/archives/fulldisclosure/2010-07/0058.html
- http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
- http://lists.wpkg.org/pipermail/stgt/2010-July/003858.html
- http://scst.svn.sourceforge.net/viewvc/scst/trunk/iscsi-scst/usr/isns.c?r1=1793&r2=1792&pathrev=1793
- http://scst.svn.sourceforge.net/viewvc/scst?view=revision&revision=1793
- http://secunia.com/advisories/40485
- http://secunia.com/advisories/40494
- http://secunia.com/advisories/40495
- http://sourceforge.net/mailarchive/forum.php?thread_name=E2BB8074E5500C42984D980D4BD78EF904075006%40MFG-NYC-EXCH2.mfg.prv&forum_name=iscsitarget-devel
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:131
- http://www.osvdb.org/65990
- http://www.osvdb.org/65991
- http://www.osvdb.org/65992
- http://www.redhat.com/support/errata/RHSA-2010-0518.html
- http://www.securityfocus.com/bid/41327
- http://www.securitytracker.com/id?1024175
- http://www.vupen.com/english/advisories/2010/1760
- http://www.vupen.com/english/advisories/2010/1786
Связанные уязвимости
Multiple buffer overflows in the iSNS implementation in isns.c in (1) Linux SCSI target framework (aka tgt or scsi-target-utils) before 1.0.6, (2) iSCSI Enterprise Target (aka iscsitarget or IET) 1.4.20.1 and earlier, and (3) Generic SCSI Target Subsystem for Linux (aka SCST or iscsi-scst) 1.0.1.1 and earlier allow remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via (a) a long iSCSI Name string in an SCN message or (b) an invalid PDU.
Multiple buffer overflows in the iSNS implementation in isns.c in (1) Linux SCSI target framework (aka tgt or scsi-target-utils) before 1.0.6, (2) iSCSI Enterprise Target (aka iscsitarget or IET) 1.4.20.1 and earlier, and (3) Generic SCSI Target Subsystem for Linux (aka SCST or iscsi-scst) 1.0.1.1 and earlier allow remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via (a) a long iSCSI Name string in an SCN message or (b) an invalid PDU.
Multiple buffer overflows in the iSNS implementation in isns.c in (1) Linux SCSI target framework (aka tgt or scsi-target-utils) before 1.0.6, (2) iSCSI Enterprise Target (aka iscsitarget or IET) 1.4.20.1 and earlier, and (3) Generic SCSI Target Subsystem for Linux (aka SCST or iscsi-scst) 1.0.1.1 and earlier allow remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via (a) a long iSCSI Name string in an SCN message or (b) an invalid PDU.
Multiple buffer overflows in the iSNS implementation in isns.c in (1) ...
ELSA-2010-0518: scsi-target-utils security update (IMPORTANT)