Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:24169
HistoryJul 06, 2010 - 12:00 a.m.

TELUS Security Labs VR - iSCSI target Multiple Implementations iSNS Stack Buffer Overflow

2010-07-0600:00:00
vulners.com
11
JSON

iSCSI target Multiple Implementations iSNS Stack Buffer Overflow

TSL ID: FSC20100701-01

  1. Affected Software

iSCSI Enterprise Project iscsitarget 1.4.20.1 and prior
SCST project iscsi-scst 1.0.1.1 and prior
tgt project tgt 1.0.5 and prior

References:

http://iscsitarget.sourceforge.net/
http://scst.sourceforge.net/
http://stgt.sourceforge.net/

  1. Vulnerability Summary

A stack buffer overflow vulnerability exist in iscsitarget, an open implementation of iSCSI Enterprise
Target. The vulnerability is caused by insufficient boundary checking while processing iSNS messages. A remote
attacker can leverage this vulnerability to inject and execute arbitrary code on a vulnerable system.

  1. Vulnerability Analysis

Successful exploitation of this vulnerability can result in a complete compromise of the target system. In an
unsuccessful attack attempt, the vulnerable system may abnormally terminate.

  1. Vulnerability Detection

TELUS Security Labs has confirmed the vulnerability in:

iSCSI Enterprise Project iscsitarget 1.4.20.1 and prior
SCST project iscsi-scst 1.0.1.1 and prior
tgt project tgt 1.0.5 and prior

  1. Workaround

Disable or uninstall the affected module.

  1. Vendor Response

Patches have been made available to eliminate this vulnerability:

http://sourceforge.net/mailarchive/forum.php?thread_name=E2BB8074E5500C42984D980D4BD78EF904075006%40MFG-NYC-EXCH2.mfg.prv&forum_name=iscsitarget-devel

  1. Disclosure Timeline

2010-05-18 Reported to vendor
2010-05-18 Initial vendor response
2010-07-01 Coordinated public disclosure

  1. Credits

Vulnerability Research Team, TELUS Security Labs

  1. References

CVE: CVE-2010-2221
Vendor: Not available

  1. About TELUS Security Labs

TELUS Security Labs, formerly Assurent Secure Technologies is the leading provider of security research. Our
research services include:

* Vulnerability Research
* Malware Research
* Signature Development
* Shellcode Exploit Development
* Application Protocols
* Product Security Testing
* Security Content Development (parsers, reports, alerts)

TELUS Security Labs provides a specialized portfolio of services to assist security product vendors with
newly discovered commercial product vulnerabilities and malware attacks. Many of our services are provided on
a subscription basis to reduce research costs for our customers. Over 50 of the world's leading security
product vendors rely on TELUS Security Labs research.

http://www.telussecuritylabs.com/

Related

checkpoint_advisories 2
securityvulns 1
redhat 1
nessus 16
cve 1
veracode 1
openvas 12
oraclelinux 1
centos 1
prion 1
ubuntucve 1
fedora 1
ubuntu 1
checkpoint_advisories
checkpoint_advisories
iSCSI target Multiple Implementations iSNS Stack Buffer Overflow (CVE-2010-2221)
2010-09-27 00:00:00
iSCSI target Multiple Implementations iSNS Stack Buffer Overflow - High Confidence (CVE-2010-2221)
2013-04-22 00:00:00
securityvulns
securityvulns
Multiple iSCSI implementations security vulnerabilities
2010-07-06 00:00:00
redhat
redhat
(RHSA-2010:0518) Important: scsi-target-utils security update
2010-07-08 00:00:00
nessus
nessus
Oracle Linux 5 : scsi-target-utils (ELSA-2010-0518)
2013-07-12 00:00:00
RHEL 5 : scsi-target-utils (RHSA-2010:0518)
2013-01-24 00:00:00
CentOS 5 : scsi-target-utils (CESA-2010:0518)
2010-07-16 00:00:00
cve
cve
CVE-2010-2221
2010-07-08 18:30:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:49:05
openvas
openvas
CentOS Update for scsi-target-utils CESA-2010:0518 centos5 i386
2011-08-09 00:00:00
Oracle Linux Local Check: ELSA-2010-0518
2015-10-06 00:00:00
CentOS Update for scsi-target-utils CESA-2010:0518 centos5 i386
2011-08-09 00:00:00
oraclelinux
oraclelinux
scsi-target-utils security update
2010-07-08 00:00:00
centos
centos
scsi security update
2010-07-14 22:27:09
prion
prion
Buffer overflow
2010-07-08 18:30:00
ubuntucve
ubuntucve
CVE-2010-2221
2010-07-08 00:00:00
fedora
fedora
[SECURITY] Fedora 14 Update: scsi-target-utils-1.0.18-1.fc14
2011-07-12 04:55:18
ubuntu
ubuntu
tgt vulnerabilities
2011-06-21 00:00:00
JSON
Related for SECURITYVULNS:DOC:24169
checkpoint_advisories2securityvulns1redhat1nessus16cve1veracode1openvas12oraclelinux1centos1prion1ubuntucve1fedora1ubuntu1