| Summary: | sys-block/iscsitarget: remotely exploitable format string vulnerabilities (CVE-2010-0743) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Stefan Behte (RETIRED) <craig> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | blocker | CC: | base-system, staff |
| Priority: | High | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=574935 | ||
| Whiteboard: | B0 [glsa] | ||
| Package list: | Runtime testing required: | --- | |
|
Description
Stefan Behte (RETIRED)
2010-04-09 18:13:34 UTC
CVE-2010-0743 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0743): Multiple format string vulnerabilities in isns.c in (1) Linux SCSI target framework (aka tgt or scsi-target-utils) 1.0.3, 0.9.5, and earlier and (2) iSCSI Enterprise Target (aka iscsitarget) 0.4.16 allow remote attackers to cause a denial of service (tgtd daemon crash) or possibly have unspecified other impact via vectors that involve the isns_attr_query and qry_rsp_handle functions, and are related to (a) client appearance and (b) client disappearance messages. Arches, please test and mark stable: =sys-block/iscsitarget-1.4.19 Target keywords : "amd64 ppc x86" x86 stable amd64 stable *ping* ppc Marked ppc stable, sorry about the delay. GLSA request filed. This issue was resolved and addressed in GLSA 201201-06 at http://security.gentoo.org/glsa/glsa-201201-06.xml by GLSA coordinator Sean Amoss (ackle). |