PT-2010-3823 · Linux+1 · Generic Scsi Target Subsystem For Linux+2
Fujita Tomonori
·
Published
2010-07-08
·
Updated
2023-02-13
·
CVE-2010-2221
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
Linux SCSI target framework versions prior to 1.0.6
iSCSI Enterprise Target versions prior to 1.4.20.1
Generic SCSI Target Subsystem for Linux versions prior to 1.0.1.1
Description
The issue is related to multiple buffer overflows in the iSNS implementation. This can be exploited by remote attackers through a long iSCSI Name string in an SCN message or an invalid PDU, potentially causing a denial of service or allowing the execution of arbitrary code.
Recommendations
For Linux SCSI target framework versions prior to 1.0.6, update to version 1.0.6 or later.
For iSCSI Enterprise Target versions prior to 1.4.20.1, update to version 1.4.20.1 or later.
For Generic SCSI Target Subsystem for Linux versions prior to 1.0.1.1, update to version 1.0.1.1 or later.
Fix
DoS
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Generic Scsi Target Subsystem For Linux
Linux Scsi Target Framework
Red Hat