ID CVE-2011-0001
Summary Double free vulnerability in the iscsi_rx_handler function (usr/iscsi/iscsid.c) in the tgt daemon (tgtd) in Linux SCSI target framework (tgt) before 1.0.14, aka scsi-target-utils, allows remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via unknown vectors related to a buffer overflow during iscsi login. NOTE: some of these details are obtained from third party information.
References
Vulnerable Configurations
  • cpe:2.3:a:zaal:tgt:1.0.6
  • cpe:2.3:a:zaal:tgt:1.0.7
  • cpe:2.3:a:zaal:tgt:1.0.8
  • cpe:2.3:a:zaal:tgt:1.0.9
  • cpe:2.3:a:zaal:tgt:1.0.10
  • cpe:2.3:a:zaal:tgt:1.0.11
  • cpe:2.3:a:zaal:tgt:1.0.12
  • cpe:2.3:a:zaal:tgt:1.0.13
  • cpe:2.3:a:zaal:tgt:0.9.5
  • cpe:2.3:a:zaal:tgt:1.0.4
  • cpe:2.3:a:zaal:tgt:1.0.0
  • cpe:2.3:a:zaal:tgt:1.0.5
  • cpe:2.3:a:zaal:tgt:1.0.1
  • cpe:2.3:a:zaal:tgt:1.0.2
  • cpe:2.3:a:zaal:tgt:1.0.3
CVSS
Base: 5.0 (as of 15-03-2011 - 14:15)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
  • Vector NETWORK
  • Complexity LOW
  • Authentication NONE
Impact
  • Confidentiality NONE
  • Integrity NONE
  • Availability PARTIAL
nessus via4
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1156-1.NASL
    description It was discovered that tgt incorrectly handled long iSCSI name strings, and invalid PDUs. A remote attacker could exploit this to cause tgt to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 10.10. (CVE-2010-2221) Emmanuel Bouillon discovered that tgt incorrectly handled certain iSCSI logins. A remote attacker could exploit this to cause tgt to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2011-0001). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 55283
    published 2011-06-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=55283
    title Ubuntu 10.10 / 11.04 : tgt vulnerabilities (USN-1156-1)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20110309_SCSI_TARGET_UTILS_ON_SL5_X.NASL
    description A double-free flaw was found in scsi-target-utils' tgtd daemon. A remote attacker could trigger this flaw by sending carefully-crafted network traffic, causing the tgtd daemon to crash. (CVE-2011-0001) All running scsi-target-utils services must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 60983
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60983
    title Scientific Linux Security Update : scsi-target-utils on SL5.x, SL6.x i386/x86_64
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2011-0332.NASL
    description From Red Hat Security Advisory 2011:0332 : An updated scsi-target-utils package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The scsi-target-utils package contains the daemon and tools to set up and monitor SCSI targets. Currently, iSCSI software and iSER targets are supported. A double-free flaw was found in scsi-target-utils' tgtd daemon. A remote attacker could trigger this flaw by sending carefully-crafted network traffic, causing the tgtd daemon to crash. (CVE-2011-0001) Red Hat would like to thank Emmanuel Bouillon of NATO C3 Agency for reporting this issue. All scsi-target-utils users should upgrade to this updated package, which contains a backported patch to correct this issue. All running scsi-target-utils services must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-08-13
    plugin id 68223
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68223
    title Oracle Linux 5 / 6 : scsi-target-utils (ELSA-2011-0332)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2011-0332.NASL
    description An updated scsi-target-utils package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The scsi-target-utils package contains the daemon and tools to set up and monitor SCSI targets. Currently, iSCSI software and iSER targets are supported. A double-free flaw was found in scsi-target-utils' tgtd daemon. A remote attacker could trigger this flaw by sending carefully-crafted network traffic, causing the tgtd daemon to crash. (CVE-2011-0001) Red Hat would like to thank Emmanuel Bouillon of NATO C3 Agency for reporting this issue. All scsi-target-utils users should upgrade to this updated package, which contains a backported patch to correct this issue. All running scsi-target-utils services must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 53426
    published 2011-04-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=53426
    title CentOS 5 : scsi-target-utils (CESA-2011:0332)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2011-8890.NASL
    description fix double-free vulnerability leads to pre-authenticated crash; fix iscsi target outgoing user binding broken unexpectedly. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 55546
    published 2011-07-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=55546
    title Fedora 15 : scsi-target-utils-1.0.18-1.fc15 (2011-8890)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2011-0332.NASL
    description An updated scsi-target-utils package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The scsi-target-utils package contains the daemon and tools to set up and monitor SCSI targets. Currently, iSCSI software and iSER targets are supported. A double-free flaw was found in scsi-target-utils' tgtd daemon. A remote attacker could trigger this flaw by sending carefully-crafted network traffic, causing the tgtd daemon to crash. (CVE-2011-0001) Red Hat would like to thank Emmanuel Bouillon of NATO C3 Agency for reporting this issue. All scsi-target-utils users should upgrade to this updated package, which contains a backported patch to correct this issue. All running scsi-target-utils services must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 52605
    published 2011-03-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=52605
    title RHEL 5 / 6 : scsi-target-utils (RHSA-2011:0332)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_TGT-110418.NASL
    description This update of tgt fixes multiple bugs : - tgtadm user unbind broken [bnc#633111] - iscsitarget package not supported [bnc#513934] - iscsitarget vs. tgt (and /etc/ietd.conf) [bnc#598927] - tgt fix double free() flaw [bnc#665415, CVE-2011-0001]
    last seen 2018-09-01
    modified 2013-10-25
    plugin id 53638
    published 2011-05-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=53638
    title SuSE 11.1 Security Update : tgt (SAT Patch Number 4409)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2209.NASL
    description Emmanuel Bouillon discovered a double free in tgt, the Linux SCSI target user-space tools, which could lead to denial of service. The oldstable distribution (lenny) doesn't include tgt.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 53259
    published 2011-04-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=53259
    title Debian DSA-2209-1 : tgt - double free
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2011-8930.NASL
    description fix double-free vulnerability leads to pre-authenticated crash; fix iscsi target outgoing user binding broken unexpectedly. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 55559
    published 2011-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=55559
    title Fedora 14 : scsi-target-utils-1.0.18-1.fc14 (2011-8930)
redhat via4
advisories
bugzilla
id 667261
title CVE-2011-0001 scsi-target-utils: double-free vulnerability leads to pre-authenticated crash
oval
OR
  • AND
    • comment scsi-target-utils is earlier than 0:1.0.4-3.el6_0.1
      oval oval:com.redhat.rhsa:tst:20110332005
    • comment scsi-target-utils is signed with Red Hat redhatrelease2 key
      oval oval:com.redhat.rhsa:tst:20110332006
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhsa:tst:20100842001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhsa:tst:20100842002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20100842003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20100842004
  • AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhsa:tst:20070055001
    • comment scsi-target-utils is earlier than 0:1.0.8-0.el5_6.1
      oval oval:com.redhat.rhsa:tst:20110332008
    • comment scsi-target-utils is signed with Red Hat redhatrelease key
      oval oval:com.redhat.rhsa:tst:20100362003
rhsa
id RHSA-2011:0332
released 2011-03-09
severity Important
title RHSA-2011:0332: scsi-target-utils security update (Important)
rpms
  • scsi-target-utils-0:1.0.4-3.el6_0.1
  • scsi-target-utils-0:1.0.8-0.el5_6.1
refmap via4
bid 46817
confirm https://bugzilla.redhat.com/show_bug.cgi?id=667261
debian DSA-2209
misc https://bugzilla.redhat.com/attachment.cgi?id=473779&action=diff
mlist [stgt] 20110309 [PATCH] iscsi: fix buffer overflow before login
sectrack 1025184
secunia
  • 43706
  • 43713
suse SUSE-SR:2011:009
vupen ADV-2011-0636
xf lstf-iscsirxhandler-dos(66010)
Last major update 20-02-2014 - 23:39
Published 15-03-2011 - 13:55
Last modified 16-08-2017 - 21:33