Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 314187 (CVE-2010-0743) - sys-block/iscsitarget: remotely exploitable format string vulnerabilities (CVE-2010-0743)
Summary: sys-block/iscsitarget: remotely exploitable format string vulnerabilities (CV...
Alias: CVE-2010-0743
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High blocker (vote)
Assignee: Gentoo Security
Whiteboard: B0 [glsa]
Depends on:
Reported: 2010-04-09 18:13 UTC by Stefan Behte (RETIRED)
Modified: 2012-01-23 12:19 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Behte (RETIRED) gentoo-dev Security 2010-04-09 18:13:34 UTC

I've checked our code: iscsitarget-1.4.19 has the patch, but it's not stable yet.

@base-system: is 1.4.19 it ok to go stable?
Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2010-04-11 14:02:03 UTC
CVE-2010-0743 (
  Multiple format string vulnerabilities in isns.c in (1) Linux SCSI
  target framework (aka tgt or scsi-target-utils) 1.0.3, 0.9.5, and
  earlier and (2) iSCSI Enterprise Target (aka iscsitarget) 0.4.16
  allow remote attackers to cause a denial of service (tgtd daemon
  crash) or possibly have unspecified other impact via vectors that
  involve the isns_attr_query and qry_rsp_handle functions, and are
  related to (a) client appearance and (b) client disappearance

Comment 2 Stefan Behte (RETIRED) gentoo-dev Security 2010-06-19 16:57:04 UTC
Arches, please test and mark stable:
Target keywords : "amd64 ppc x86"
Comment 3 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2010-06-20 09:34:40 UTC
x86 stable
Comment 4 Markus Meier gentoo-dev 2010-06-21 20:22:35 UTC
amd64 stable
Comment 5 Stefan Behte (RETIRED) gentoo-dev Security 2010-08-01 13:06:50 UTC
*ping* ppc
Comment 6 Joe Jezak (RETIRED) gentoo-dev 2010-08-11 17:57:38 UTC
Marked ppc stable, sorry about the delay.
Comment 7 Stefan Behte (RETIRED) gentoo-dev Security 2010-10-06 13:15:35 UTC
GLSA request filed.
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2012-01-23 12:19:10 UTC
This issue was resolved and addressed in
 GLSA 201201-06 at
by GLSA coordinator Sean Amoss (ackle).