PT-2010-5656 · Linux+1 · Iscsitarget+1

Vincent Danen · Published 1970-01-01 · Updated 2023-02-13 · CVE-2010-0743

CVSS v2.0: 5.0 Medium
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions
iscsitarget versions prior to 1.4.19
iscsitarget versions 0.4.16 and earlier
Linux SCSI target framework versions 1.0.3, 0.9.5, and earlier
Description
The iscsitarget package contains multiple format string vulnerabilities in the isns.c file, involving the isns_attr_query and qry_rsp_handle functions and tied to client appearance and disappearance messages. The vulnerabilities can be exploited remotely and affect availability: they can cause a denial of service, such as the tgtd daemon crashing, or potentially have other unspecified impacts.
Recommendations
For iscsitarget versions prior to 1.4.19, update to version 1.4.19 or later.
For iscsitarget versions 0.4.16 and earlier, update to a version later than 0.4.16.
For Linux SCSI target framework versions 1.0.3, 0.9.5, and earlier, update to a version later than 1.0.3 and 0.9.5.
As a temporary workaround, consider restricting access to the iscsitarget service until a patch is available.

Fix

DoS

Use of Externally-Controlled Format String

Weakness Enumeration

Related Identifiers

BDU:2015-02686
BDU:2015-02687
BDU:2015-09429
CVE-2010-0743
DSA-2042-1
RHSA-2010:0362
RHSA-2010_0362

Affected Products

Red Hat
Iscsitarget