Fujita Tomonori

**Name of the Vulnerable Software and Affected Versions** Linux SCSI target framework versions prior to 1.0.6 iSCSI Enterprise Target versions prior to 1.4.20.1 Generic SCSI Target Subsystem for Linux versions prior to 1.0.1.1 **Description** The issue is related to multiple buffer overflows in the iSNS implementation. This can be exploited by remote attackers through a long iSCSI Name string in an SCN message or an invalid PDU, potentially causing a denial of service or allowing the execution of arbitrary code. **Recommendations** For Linux SCSI target framework versions prior to 1.0.6, update to version 1.0.6 or later. For iSCSI Enterprise Target versions prior to 1.4.20.1, update to version 1.4.20.1 or later. For Generic SCSI Target Subsystem for Linux versions prior to 1.0.1.1, update to version 1.0.1.1 or later.