PT-2021-19281 · Unknown+3 · Open-Iscsi Tcmu-Runner+3

David Disseldorp +1 · Published 2021-01-13 · Updated 2021-01-28 · CVE-2021-3139

CVSS v3.1: 8.1 High
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Open-iSCSI tcmu-runner versions 1.3.x through 1.5.2

Description

The issue allows remote attackers to read or write files via directory traversal in an XCOPY request, because the xcopy_locate_udev function in tcmur_cmd_handler.c lacks a check for transport-layer restrictions. This can occur if an attacker has access to one iSCSI LUN, potentially over a network.

Recommendations

For Open-iSCSI tcmu-runner versions 1.3.x through 1.5.2, consider restricting access to the xcopy_locate_udev function in tcmur_cmd_handler.c until a patch is available. As a temporary workaround, restrict the use of XCOPY requests to minimize the risk of exploitation.

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2021-3139
OPENSUSE-SU-2021:0097-1
OPENSUSE-SU-2021:0128-1
OPENSUSE-SU-2021_0097-1
OPENSUSE-SU-2021_0128-1
RHSA-2021:1452
RHSA-2021:1518
SUSE-SU-2021:0093-1
SUSE-SU-2021:0143-1
SUSE-SU-2021:0158-1
SUSE-SU-2021_0158-1
USN-4707-1

Affected Products

Linuxmint
Open-Iscsi Tcmu-Runner
Suse
Ubuntu