ID CVE-2011-0001
Summary Double free vulnerability in the iscsi_rx_handler function (usr/iscsi/iscsid.c) in the tgt daemon (tgtd) in Linux SCSI target framework (tgt) before 1.0.14, aka scsi-target-utils, allows remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via unknown vectors related to a buffer overflow during iscsi login. NOTE: some of these details are obtained from third party information.
Vulnerable Configurations
  • cpe:2.3:a:zaal:tgt:0.9.5:*:*:*:*:*:*:*
  • cpe:2.3:a:zaal:tgt:1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:zaal:tgt:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:zaal:tgt:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:zaal:tgt:1.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:zaal:tgt:1.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:zaal:tgt:1.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:zaal:tgt:1.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:zaal:tgt:1.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:zaal:tgt:1.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:zaal:tgt:1.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:zaal:tgt:1.0.10:*:*:*:*:*:*:*
  • cpe:2.3:a:zaal:tgt:1.0.11:*:*:*:*:*:*:*
  • cpe:2.3:a:zaal:tgt:1.0.12:*:*:*:*:*:*:*
  • cpe:2.3:a:zaal:tgt:*:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 17-08-2017 - 01:33)
CWE CWE-399
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: NONE
  • Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
redhat via4
advisories
bugzilla
id 667261
title CVE-2011-0001 scsi-target-utils: double-free vulnerability leads to pre-authenticated crash
oval
OR
  • AND
    • comment scsi-target-utils is earlier than 0:1.0.4-3.el6_0.1
      oval oval:com.redhat.rhsa:tst:20110332005
    • comment scsi-target-utils is signed with Red Hat redhatrelease2 key
      oval oval:com.redhat.rhsa:tst:20110332006
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhba:tst:20111656001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhba:tst:20111656002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20111656004
  • AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331001
    • comment scsi-target-utils is earlier than 0:1.0.8-0.el5_6.1
      oval oval:com.redhat.rhsa:tst:20110332008
    • comment scsi-target-utils is signed with Red Hat redhatrelease key
      oval oval:com.redhat.rhsa:tst:20100362003
rhsa
id RHSA-2011:0332
released 2011-03-09
severity Important
title RHSA-2011:0332: scsi-target-utils security update (Important)
rpms
  • scsi-target-utils-0:1.0.4-3.el6_0.1
  • scsi-target-utils-0:1.0.8-0.el5_6.1
refmap via4
bid 46817
confirm https://bugzilla.redhat.com/show_bug.cgi?id=667261
debian DSA-2209
misc https://bugzilla.redhat.com/attachment.cgi?id=473779&action=diff
mlist [stgt] 20110309 [PATCH] iscsi: fix buffer overflow before login
sectrack 1025184
secunia
  • 43706
  • 43713
suse SUSE-SR:2011:009
vupen ADV-2011-0636
xf lstf-iscsirxhandler-dos(66010)
Last major update 17-08-2017 - 01:33
Published 15-03-2011 - 17:55