Computer Security
[EN] no-pyccku

Multiple iSCSI implementations security vulnerabilities
SecurityVulns ID:10970
Threat Level:
Description:Buffer overflow on iSNS message parsing.
Affected:ISCSITARGET : iscsitarget 1.4
 SCST : iscsi-scst 1.0
 TGT : tgt 1.0
CVE:CVE-2010-2221 (Multiple buffer overflows in the iSNS implementation in isns.c in (1) Linux SCSI target framework (aka tgt or scsi-target-utils) before 1.0.6, (2) iSCSI Enterprise Target (aka iscsitarget or IET) and earlier, and (3) Generic SCSI Target Subsystem for Linux (aka SCST or iscsi-scst) and earlier allow remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via (a) a long iSCSI Name string in an SCN message or (b) an invalid PDU.)
Original documentdocumentnoreply_(at), TELUS Security Labs VR - iSCSI target Multiple Implementations iSNS Stack Buffer Overflow (06.07.2010)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod