CVE-2010-2221

Description

Multiple buffer overflows in the iSNS implementation in isns.c in (1) Linux SCSI target framework (aka tgt or scsi-target-utils) before 1.0.6, (2) iSCSI Enterprise Target (aka iscsitarget or IET) 1.4.20.1 and earlier, and (3) Generic SCSI Target Subsystem for Linux (aka SCST or iscsi-scst) 1.0.1.1 and earlier allow remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via (a) a long iSCSI Name string in an SCN message or (b) an invalid PDU.

Affected products

arne_redlich_&_ross_walker / iscsitarget0.2.5 – 0.2.5
arne_redlich_&_ross_walker / iscsitarget0.4.0 – 0.4.0
arne_redlich_&_ross_walker / iscsitarget0.4.1 – 0.4.1
arne_redlich_&_ross_walker / iscsitarget0.4.2 – 0.4.2
arne_redlich_&_ross_walker / iscsitarget0.4.3 – 0.4.3
arne_redlich_&_ross_walker / iscsitarget0.4.4 – 0.4.4
arne_redlich_&_ross_walker / iscsitarget0.4.5 – 0.4.5
arne_redlich_&_ross_walker / iscsitarget0.4.6 – 0.4.6
arne_redlich_&_ross_walker / iscsitarget0.4.7 – 0.4.7
arne_redlich_&_ross_walker / iscsitarget0.4.8 – 0.4.8
arne_redlich_&_ross_walker / iscsitarget0.4.9 – 0.4.9
arne_redlich_&_ross_walker / iscsitarget0.4.10 – 0.4.10
arne_redlich_&_ross_walker / iscsitarget0.4.11 – 0.4.11
arne_redlich_&_ross_walker / iscsitarget0.4.12 – 0.4.12
arne_redlich_&_ross_walker / iscsitarget0.4.13 – 0.4.13
arne_redlich_&_ross_walker / iscsitarget0.4.14 – 0.4.14
arne_redlich_&_ross_walker / iscsitarget0.4.15 – 0.4.15
arne_redlich_&_ross_walker / iscsitarget0.4.16 – 0.4.16
arne_redlich_&_ross_walker / iscsitarget0.4.17 – 0.4.17
arne_redlich_&_ross_walker / iscsitarget1.4.18 – 1.4.18
arne_redlich_&_ross_walker / iscsitarget1.4.19 – 1.4.19
arne_redlich_&_ross_walker / iscsitarget1.4.20
arne_redlich_&_ross_walker / iscsitarget0.1.0 – 0.1.0
arne_redlich_&_ross_walker / iscsitarget0.2.0 – 0.2.0
arne_redlich_&_ross_walker / iscsitarget0.2.1 – 0.2.1
arne_redlich_&_ross_walker / iscsitarget0.2.2 – 0.2.2
arne_redlich_&_ross_walker / iscsitarget0.2.3 – 0.2.3
arne_redlich_&_ross_walker / iscsitarget0.2.4 – 0.2.4
arne_redlich_&_ross_walker / iscsitarget0.2.6 – 0.2.6
arne_redlich_&_ross_walker / iscsitarget0.3.0 – 0.3.0
arne_redlich_&_ross_walker / iscsitarget0.3.1 – 0.3.1
arne_redlich_&_ross_walker / iscsitarget0.3.2 – 0.3.2
arne_redlich_&_ross_walker / iscsitarget0.3.3 – 0.3.3
arne_redlich_&_ross_walker / iscsitarget0.3.4 – 0.3.4
arne_redlich_&_ross_walker / iscsitarget0.3.5 – 0.3.5
arne_redlich_&_ross_walker / iscsitarget0.3.6 – 0.3.6
arne_redlich_&_ross_walker / iscsitarget0.3.7 – 0.3.7
arne_redlich_&_ross_walker / iscsitarget0.3.8 – 0.3.8
vladislav_bolkhovitin / generic_scsi_target_subsystem0.9.0a – 0.9.0a
vladislav_bolkhovitin / generic_scsi_target_subsystem0.9.3 – 0.9.3
vladislav_bolkhovitin / generic_scsi_target_subsystem0.9.4 – 0.9.4
vladislav_bolkhovitin / generic_scsi_target_subsystem0.9.5 – 0.9.5
vladislav_bolkhovitin / generic_scsi_target_subsystem0.9.5.1 – 0.9.5.1
vladislav_bolkhovitin / generic_scsi_target_subsystem0.9.5.2 – 0.9.5.2
vladislav_bolkhovitin / generic_scsi_target_subsystem1.0.0 – 1.0.0
vladislav_bolkhovitin / generic_scsi_target_subsystem1.0.1
vladislav_bolkhovitin / generic_scsi_target_subsystem0.9.1 – 0.9.1
vladislav_bolkhovitin / generic_scsi_target_subsystem0.9.2 – 0.9.2
vladislav_bolkhovitin / generic_scsi_target_subsystem0.9.3 – 0.9.3
vladislav_bolkhovitin / generic_scsi_target_subsystem0.9.3 – 0.9.3
vladislav_bolkhovitin / generic_scsi_target_subsystem0.9.3 – 0.9.3
zaal / tgt1.0.0 – 1.0.0
zaal / tgt1.0.1 – 1.0.1
zaal / tgt1.0.2 – 1.0.2
zaal / tgt1.0.3 – 1.0.3
zaal / tgt1.0.4 – 1.0.4
zaal / tgt0.9.5 – 0.9.5
zaal / tgt1.0.5

CVE-2010-2221

Description

Affected products

References