CVE-2010-2221

 

Published at: - 08-07-2010 08:30

Last modified: - 23-01-2023 07:44

Total changes: - 8

Description

Multiple buffer overflows in the iSNS implementation in isns.c in (1) Linux SCSI target framework (aka tgt or scsi-target-utils) before 1.0.6, (2) iSCSI Enterprise Target (aka iscsitarget or IET) 1.4.20.1 and earlier, and (3) Generic SCSI Target Subsystem for Linux (aka SCST or iscsi-scst) 1.0.1.1 and earlier allow remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via (a) a long iSCSI Name string in an SCN message or (b) an invalid PDU.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:L/Au:N/C:N/I:N/A:P

 

Verification logic

 

Reference

• 20100702 TELUS Security Labs VR - iSCSI target Multiple Implementations iSNS Stack Buffer Overflow-
• 65990-
• http://scst.svn.sourceforge.net/viewvc/scst?view=revision&revision=1793
• https://bugzilla.redhat.com/show_bug.cgi?id=593877
• [stgt] 20100701 1.0.6 released-
• 40485-Vendor Advisory
• 20100702 TELUS Security Labs VR - iSCSI target Multiple Implementations iSNS Stack Buffer Overflow-
• 65991-
• http://scst.svn.sourceforge.net/viewvc/scst/trunk/iscsi-scst/usr/isns.c?r1=1793&r2=1792&pathrev=1793
• 40494-Vendor Advisory
• 65992-
• [iscsitarget-devel] 20100701 [patch] fix iSNS bounds checking-
• 40495-Vendor Advisory
• 41327-
• RHSA-2010:0518-
• ADV-2010-1760-
• MDVSA-2010:131-
• 1024175-
• ADV-2010-1786-
• SUSE-SR:2010:017-

 

Keywords

NVD

 

CVE-2010-2221

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures