CVE-2010-2221: Buffer Overflow
First published: Wed May 19 2010(Updated: )
It was reported that a stack buffer overflow vulnerability exists in multiple implementations of iSCSI target, including scsi-target-utils. A missing bounds check when handling SCN messages could result in a buffer overflow when the iSCSI Name string is longer than 1008 bytes, which could lead to corruption of sensitive stack data. During investigation, more buffer overflow vulnerabilities were discovered as well. Acknowledgements: Red Hat would like to thank the Vulnerability Research Team at TELUS Security Labs and Fujita Tomonori for responsibly reporting these flaws.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Arne Redlich \& Ross Walker Iscsitarget | =0.4.4 | |
| Arne Redlich \& Ross Walker Iscsitarget | =0.4.10 | |
| Arne Redlich \& Ross Walker Iscsitarget | =0.2.4 | |
| Arne Redlich \& Ross Walker Iscsitarget | =0.3.0 | |
| Arne Redlich \& Ross Walker Iscsitarget | =0.3.3 | |
| Arne Redlich \& Ross Walker Iscsitarget | =0.4.6 | |
| Arne Redlich \& Ross Walker Iscsitarget | =0.4.11 | |
| Arne Redlich \& Ross Walker Iscsitarget | =0.4.0 | |
| Arne Redlich \& Ross Walker Iscsitarget | =0.4.5 | |
| Arne Redlich \& Ross Walker Iscsitarget | =0.4.15 | |
| Arne Redlich \& Ross Walker Iscsitarget | =0.4.13 | |
| Arne Redlich \& Ross Walker Iscsitarget | =0.4.2 | |
| Arne Redlich \& Ross Walker Iscsitarget | =0.2.3 | |
| Arne Redlich \& Ross Walker Iscsitarget | =1.4.18 | |
| Arne Redlich \& Ross Walker Iscsitarget | =1.4.19 | |
| Arne Redlich \& Ross Walker Iscsitarget | =0.4.12 | |
| Arne Redlich \& Ross Walker Iscsitarget | =0.2.2 | |
| Arne Redlich \& Ross Walker Iscsitarget | =0.3.2 | |
| Arne Redlich \& Ross Walker Iscsitarget | =0.4.7 | |
| Arne Redlich \& Ross Walker Iscsitarget | =0.2.5 | |
| Arne Redlich \& Ross Walker Iscsitarget | <=1.4.20 | |
| Arne Redlich \& Ross Walker Iscsitarget | =0.2.1 | |
| Arne Redlich \& Ross Walker Iscsitarget | =0.3.8 | |
| Arne Redlich \& Ross Walker Iscsitarget | =0.3.1 | |
| Arne Redlich \& Ross Walker Iscsitarget | =0.1.0 | |
| Arne Redlich \& Ross Walker Iscsitarget | =0.4.17 | |
| Arne Redlich \& Ross Walker Iscsitarget | =0.4.1 | |
| Arne Redlich \& Ross Walker Iscsitarget | =0.3.4 | |
| Arne Redlich \& Ross Walker Iscsitarget | =0.4.14 | |
| Arne Redlich \& Ross Walker Iscsitarget | =0.2.0 | |
| Arne Redlich \& Ross Walker Iscsitarget | =0.3.6 | |
| Arne Redlich \& Ross Walker Iscsitarget | =0.2.6 | |
| Arne Redlich \& Ross Walker Iscsitarget | =0.4.3 | |
| Arne Redlich \& Ross Walker Iscsitarget | =0.4.8 | |
| Arne Redlich \& Ross Walker Iscsitarget | =0.3.5 | |
| Arne Redlich \& Ross Walker Iscsitarget | =0.4.16 | |
| Arne Redlich \& Ross Walker Iscsitarget | =0.3.7 | |
| Arne Redlich \& Ross Walker Iscsitarget | =0.4.9 | |
| redhat/scsi-target-utils | <0:0.0-6.20091205snap.el5_5.3 | 0:0.0-6.20091205snap.el5_5.3 |
| Zaal Tgt | <=1.0.5 | |
| Zaal Tgt | =0.9.5 | |
| Zaal Tgt | =1.0.0 | |
| Zaal Tgt | =1.0.1 | |
| Zaal Tgt | =1.0.2 | |
| Zaal Tgt | =1.0.3 | |
| Zaal Tgt | =1.0.4 | |
| Linux Linux kernel | ||
| Vladislav Bolkhovitin Generic Scsi Target Subsystem | <=1.0.1 | |
| Vladislav Bolkhovitin Generic Scsi Target Subsystem | =0.9.0a | |
| Vladislav Bolkhovitin Generic Scsi Target Subsystem | =0.9.1 | |
| Vladislav Bolkhovitin Generic Scsi Target Subsystem | =0.9.2 | |
| Vladislav Bolkhovitin Generic Scsi Target Subsystem | =0.9.3 | |
| Vladislav Bolkhovitin Generic Scsi Target Subsystem | =0.9.3-pre1 | |
| Vladislav Bolkhovitin Generic Scsi Target Subsystem | =0.9.3-pre2 | |
| Vladislav Bolkhovitin Generic Scsi Target Subsystem | =0.9.3-pre4 | |
| Vladislav Bolkhovitin Generic Scsi Target Subsystem | =0.9.4 | |
| Vladislav Bolkhovitin Generic Scsi Target Subsystem | =0.9.5 | |
| Vladislav Bolkhovitin Generic Scsi Target Subsystem | =0.9.5.1 | |
| Vladislav Bolkhovitin Generic Scsi Target Subsystem | =0.9.5.2 | |
| Vladislav Bolkhovitin Generic Scsi Target Subsystem | =1.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://archives.neohapsis.com/archives/fulldisclosure/2010-07/0058.html
- http://www.osvdb.org/65990
- http://scst.svn.sourceforge.net/viewvc/scst?view=revision&revision=1793
- https://bugzilla.redhat.com/show_bug.cgi?id=593877
- http://lists.wpkg.org/pipermail/stgt/2010-July/003858.html
- http://secunia.com/advisories/40485
- http://archives.neohapsis.com/archives/bugtraq/2010-07/0022.html
- http://www.osvdb.org/65991
- http://scst.svn.sourceforge.net/viewvc/scst/trunk/iscsi-scst/usr/isns.c?r1=1793&r2=1792&pathrev=1793
- http://secunia.com/advisories/40494
- http://www.osvdb.org/65992
- http://sourceforge.net/mailarchive/forum.php?thread_name=E2BB8074E5500C42984D980D4BD78EF904075006%40MFG-NYC-EXCH2.mfg.prv&forum_name=iscsitarget-devel
- http://secunia.com/advisories/40495
- http://www.securityfocus.com/bid/41327
- http://www.redhat.com/support/errata/RHSA-2010-0518.html
- http://www.vupen.com/english/advisories/2010/1760
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:131
- http://www.securitytracker.com/id?1024175
- http://www.vupen.com/english/advisories/2010/1786
- http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
- https://access.redhat.com/security/cve/CVE-2010-0743
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=422756&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=422756&action=edit
- https://access.redhat.com/security/cve/CVE-2010-2221
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=424334&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=424334&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=593877#c11
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=593877#c34
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=593877#c35
- http://lists.grok.org.uk/pipermail/full-disclosure/2010-July/075478.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=593877#c19
- https://rhn.redhat.com/errata/RHSA-2010-0518.html
- https://www.cve.org/CVERecord?id=CVE-2010-2221 https://nvd.nist.gov/vuln/detail/CVE-2010-2221
- https://access.redhat.com/errata/RHSA-2010:0518
- collector/nvd-historical
- collector/redhat-cve
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/tags
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2010-2221
- vendor/arne redlich \& ross walker
- canonical/arne redlich \& ross walker iscsitarget
- version/arne redlich \& ross walker iscsitarget/0.4.4
- version/arne redlich \& ross walker iscsitarget/0.4.10
- version/arne redlich \& ross walker iscsitarget/0.2.4
- version/arne redlich \& ross walker iscsitarget/0.3.0
- version/arne redlich \& ross walker iscsitarget/0.3.3
- version/arne redlich \& ross walker iscsitarget/0.4.6
- version/arne redlich \& ross walker iscsitarget/0.4.11
- version/arne redlich \& ross walker iscsitarget/0.4.0
- version/arne redlich \& ross walker iscsitarget/0.4.5
- version/arne redlich \& ross walker iscsitarget/0.4.15
- version/arne redlich \& ross walker iscsitarget/0.4.13
- version/arne redlich \& ross walker iscsitarget/0.4.2
- version/arne redlich \& ross walker iscsitarget/0.2.3
- version/arne redlich \& ross walker iscsitarget/1.4.18
- version/arne redlich \& ross walker iscsitarget/1.4.19
- version/arne redlich \& ross walker iscsitarget/0.4.12
- version/arne redlich \& ross walker iscsitarget/0.2.2
- version/arne redlich \& ross walker iscsitarget/0.3.2
- version/arne redlich \& ross walker iscsitarget/0.4.7
- version/arne redlich \& ross walker iscsitarget/0.2.5
- version/arne redlich \& ross walker iscsitarget/1.4.20
- version/arne redlich \& ross walker iscsitarget/0.2.1
- version/arne redlich \& ross walker iscsitarget/0.3.8
- version/arne redlich \& ross walker iscsitarget/0.3.1
- version/arne redlich \& ross walker iscsitarget/0.1.0
- version/arne redlich \& ross walker iscsitarget/0.4.17
- version/arne redlich \& ross walker iscsitarget/0.4.1
- version/arne redlich \& ross walker iscsitarget/0.3.4
- version/arne redlich \& ross walker iscsitarget/0.4.14
- version/arne redlich \& ross walker iscsitarget/0.2.0
- version/arne redlich \& ross walker iscsitarget/0.3.6
- version/arne redlich \& ross walker iscsitarget/0.2.6
- version/arne redlich \& ross walker iscsitarget/0.4.3
- version/arne redlich \& ross walker iscsitarget/0.4.8
- version/arne redlich \& ross walker iscsitarget/0.3.5
- version/arne redlich \& ross walker iscsitarget/0.4.16
- version/arne redlich \& ross walker iscsitarget/0.3.7
- version/arne redlich \& ross walker iscsitarget/0.4.9
- package-manager/redhat
- vendor/zaal
- canonical/zaal tgt
- version/zaal tgt/1.0.5
- version/zaal tgt/0.9.5
- version/zaal tgt/1.0.0
- version/zaal tgt/1.0.1
- version/zaal tgt/1.0.2
- version/zaal tgt/1.0.3
- version/zaal tgt/1.0.4
- vendor/linux
- canonical/linux linux kernel
- vendor/vladislav bolkhovitin
- canonical/vladislav bolkhovitin generic scsi target subsystem
- version/vladislav bolkhovitin generic scsi target subsystem/1.0.1
- version/vladislav bolkhovitin generic scsi target subsystem/0.9.0a
- version/vladislav bolkhovitin generic scsi target subsystem/0.9.1
- version/vladislav bolkhovitin generic scsi target subsystem/0.9.2
- version/vladislav bolkhovitin generic scsi target subsystem/0.9.3
- version/vladislav bolkhovitin generic scsi target subsystem/0.9.3-pre1
- version/vladislav bolkhovitin generic scsi target subsystem/0.9.3-pre2
- version/vladislav bolkhovitin generic scsi target subsystem/0.9.3-pre4
- version/vladislav bolkhovitin generic scsi target subsystem/0.9.4
- version/vladislav bolkhovitin generic scsi target subsystem/0.9.5
- version/vladislav bolkhovitin generic scsi target subsystem/0.9.5.1
- version/vladislav bolkhovitin generic scsi target subsystem/0.9.5.2
- version/vladislav bolkhovitin generic scsi target subsystem/1.0.0