PT-2010-3823 · Linux+1 · Generic Scsi Target Subsystem For Linux+2
Fujita Tomonori
·
Publicado
2010-07-08
·
Atualizado
2023-02-13
·
CVE-2010-2221
CVSS v2.0
5.0
Média
| Vetor | AV:N/AC:L/Au:N/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
Linux SCSI target framework versions prior to 1.0.6
iSCSI Enterprise Target versions prior to 1.4.20.1
Generic SCSI Target Subsystem for Linux versions prior to 1.0.1.1
Description
The issue is related to multiple buffer overflows in the iSNS implementation. This can be exploited by remote attackers through a long iSCSI Name string in an SCN message or an invalid PDU, potentially causing a denial of service or allowing the execution of arbitrary code.
Recommendations
For Linux SCSI target framework versions prior to 1.0.6, update to version 1.0.6 or later.
For iSCSI Enterprise Target versions prior to 1.4.20.1, update to version 1.4.20.1 or later.
For Generic SCSI Target Subsystem for Linux versions prior to 1.0.1.1, update to version 1.0.1.1 or later.
Correção
DoS
Buffer Overflow
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Generic Scsi Target Subsystem For Linux
Linux Scsi Target Framework
Red Hat