CVE-2011-0001

Name of the Vulnerable Software and Affected Versions scsi-target-utils versions prior to 1.0.14 tgt versions prior to 1.0.14

Description The issue is related to a double free vulnerability in the iscsi rx handler function, which can lead to memory corruption and a crash, potentially allowing remote attackers to execute arbitrary code via unknown vectors related to a buffer overflow during iscsi login. The vulnerability can be exploited remotely, leading to a denial of service and possible arbitrary code execution.

Recommendations For scsi-target-utils versions prior to 1.0.14, update to version 1.0.14 or later to resolve the issue. For tgt versions prior to 1.0.14, update to version 1.0.14 or later to resolve the issue. As a temporary workaround, consider restricting access to the tgtd daemon until a patch is available.