PT-2011-1055 · Lio+1 · Scsi-Target-Utils+2

Emmanuel Bouillon

Published

2011-03-09

Updated

2023-02-13

CVE-2011-0001

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions scsi-target-utils versions prior to 1.0.14 tgt versions prior to 1.0.14

Description The issue is related to a double free vulnerability in the iscsi rx handler function, which can lead to memory corruption and a crash, potentially allowing remote attackers to execute arbitrary code via unknown vectors related to a buffer overflow during iscsi login. The vulnerability can be exploited remotely, leading to a denial of service and possible arbitrary code execution.

Recommendations For scsi-target-utils versions prior to 1.0.14, update to version 1.0.14 or later to resolve the issue. For tgt versions prior to 1.0.14, update to version 1.0.14 or later to resolve the issue. As a temporary workaround, consider restricting access to the tgtd daemon until a patch is available.

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-399

Related Identifiers

BDU:2015-03558

BDU:2015-07096

BDU:2015-07097

BDU:2015-07098

BDU:2015-08669

BDU:2015-08670

BDU:2015-08671

CVE-2011-0001

DSA-2209-1

RHSA-2011:0332

RHSA-2011_0332

Affected Products

Red Hat

Scsi-Target-Utils

Tgt

PT-2011-1055 · Lio+1 · Scsi-Target-Utils+2

CVE-2011-0001

Weakness Enumeration

Related Identifiers

Affected Products

References · 30