iSCSI Enterprise Target and tgt Multiple Format String Vulnerabilities
BID:39127
Info
iSCSI Enterprise Target and tgt Multiple Format String Vulnerabilities
| Bugtraq ID: | 39127 |
| Class: | Input Validation Error |
| CVE: |
CVE-2010-0743 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 31 2010 12:00AM |
| Updated: | Apr 13 2015 09:55PM |
| Credit: | Florent Daigniere |
| Vulnerable: |
tgt Project Linux SCSI target framework (tgt) 0.9.5 Slackware Linux x86_64 -current Slackware Linux 13.0 x86_64 Slackware Linux 13.0 Slackware Linux 12.2 Slackware Linux -current Redhat Enterprise Linux 5 Server Redhat Cluster-Storage Server 5 MandrakeSoft Enterprise Server 5 x86_64 MandrakeSoft Enterprise Server 5 iSCSI Enterprise Target iSCSI Enterprise Target 0.4.16 iSCSI Enterprise Target iSCSI Enterprise Target 0.4.15 Gentoo Linux Debian Linux 5.0 sparc Debian Linux 5.0 s/390 Debian Linux 5.0 powerpc Debian Linux 5.0 mipsel Debian Linux 5.0 mips Debian Linux 5.0 m68k Debian Linux 5.0 ia-64 Debian Linux 5.0 ia-32 Debian Linux 5.0 hppa Debian Linux 5.0 armel Debian Linux 5.0 arm Debian Linux 5.0 amd64 Debian Linux 5.0 alpha Debian Linux 5.0 |
| Not Vulnerable: |
iSCSI Enterprise Target iSCSI Enterprise Target 0.4.19 |
Discussion
iSCSI Enterprise Target and tgt Multiple Format String Vulnerabilities
iSCSI Enterprise Target and tgt are prone to multiple format-string vulnerabilities because they fail to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function.
An attacker may exploit these issues to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will result in a denial-of-service condition. Other attacks may also be possible, including data loss or corruption.
iSCSI Enterprise Target and tgt are prone to multiple format-string vulnerabilities because they fail to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function.
An attacker may exploit these issues to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will result in a denial-of-service condition. Other attacks may also be possible, including data loss or corruption.
Exploit / POC
iSCSI Enterprise Target and tgt Multiple Format String Vulnerabilities
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
iSCSI Enterprise Target and tgt Multiple Format String Vulnerabilities
Solution:
Updates are available. Please see the references for more information.
Slackware Linux 13.0 x86_64
Slackware Linux x86_64 -current
Debian Linux 5.0 hppa
Debian Linux 5.0 ia-64
Debian Linux 5.0 m68k
Debian Linux 5.0 arm
Slackware Linux 13.0
Debian Linux 5.0 armel
MandrakeSoft Enterprise Server 5 x86_64
Slackware Linux 12.2
Debian Linux 5.0
Debian Linux 5.0 alpha
Debian Linux 5.0 amd64
Debian Linux 5.0 ia-32
Debian Linux 5.0 mips
MandrakeSoft Enterprise Server 5
Debian Linux 5.0 s/390
Debian Linux 5.0 mipsel
Debian Linux 5.0 powerpc
Debian Linux 5.0 sparc
Solution:
Updates are available. Please see the references for more information.
Slackware Linux 13.0 x86_64
-
Slackware mozilla-firefox-3.6.3-x86_64-1_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/package s/mozilla-firefox-3.6.3-x86_64-1_slack13.0.txz
Slackware Linux x86_64 -current
-
Slackware mozilla-firefox-3.6.3-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/ xap/mozilla-firefox-3.6.3-x86_64-1.txz
Debian Linux 5.0 hppa
-
Debian iscsitarget-source_0.4.16+svn162-3.1+lenny1_all.deb
http://security.debian.org/pool/updates/main/i/iscsitarget/iscsitarget -source_0.4.16+svn162-3.1+lenny1_all.deb -
Debian iscsitarget_0.4.16+svn162-3.1+lenny1_hppa.deb
http://security.debian.org/pool/updates/main/i/iscsitarget/iscsitarget _0.4.16+svn162-3.1+lenny1_hppa.deb
Debian Linux 5.0 ia-64
-
Debian iscsitarget-source_0.4.16+svn162-3.1+lenny1_all.deb
http://security.debian.org/pool/updates/main/i/iscsitarget/iscsitarget -source_0.4.16+svn162-3.1+lenny1_all.deb -
Debian iscsitarget_0.4.16+svn162-3.1+lenny1_ia64.deb
http://security.debian.org/pool/updates/main/i/iscsitarget/iscsitarget _0.4.16+svn162-3.1+lenny1_ia64.deb
Debian Linux 5.0 m68k
-
Debian iscsitarget-source_0.4.16+svn162-3.1+lenny1_all.deb
http://security.debian.org/pool/updates/main/i/iscsitarget/iscsitarget -source_0.4.16+svn162-3.1+lenny1_all.deb
Debian Linux 5.0 arm
-
Debian iscsitarget-source_0.4.16+svn162-3.1+lenny1_all.deb
http://security.debian.org/pool/updates/main/i/iscsitarget/iscsitarget -source_0.4.16+svn162-3.1+lenny1_all.deb -
Debian iscsitarget_0.4.16+svn162-3.1+lenny1_arm.deb
http://security.debian.org/pool/updates/main/i/iscsitarget/iscsitarget _0.4.16+svn162-3.1+lenny1_arm.deb
Slackware Linux 13.0
-
Slackware mozilla-firefox-3.6.3-i686-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/ mozilla-firefox-3.6.3-i686-1.txz
Debian Linux 5.0 armel
-
Debian iscsitarget-source_0.4.16+svn162-3.1+lenny1_all.deb
http://security.debian.org/pool/updates/main/i/iscsitarget/iscsitarget -source_0.4.16+svn162-3.1+lenny1_all.deb -
Debian iscsitarget_0.4.16+svn162-3.1+lenny1_armel.deb
http://security.debian.org/pool/updates/main/i/iscsitarget/iscsitarget _0.4.16+svn162-3.1+lenny1_armel.deb
MandrakeSoft Enterprise Server 5 x86_64
-
Mandriva dkms-iscsitarget-0.4.16-4.1mdvmes5.1.x86_64.rpm
http://www.mandriva.com/en/download/ -
Mandriva iscsitarget-0.4.16-4.1mdvmes5.1.x86_64.rpm
http://www.mandriva.com/en/download/
Slackware Linux 12.2
-
Slackware mozilla-firefox-3.0.19-i686-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/ mozilla-firefox-3.0.19-i686-1.tgz
Debian Linux 5.0
-
Debian iscsitarget-source_0.4.16+svn162-3.1+lenny1_all.deb
http://security.debian.org/pool/updates/main/i/iscsitarget/iscsitarget -source_0.4.16+svn162-3.1+lenny1_all.deb
Debian Linux 5.0 alpha
-
Debian iscsitarget-source_0.4.16+svn162-3.1+lenny1_all.deb
http://security.debian.org/pool/updates/main/i/iscsitarget/iscsitarget -source_0.4.16+svn162-3.1+lenny1_all.deb -
Debian iscsitarget_0.4.16+svn162-3.1+lenny1_alpha.deb
http://security.debian.org/pool/updates/main/i/iscsitarget/iscsitarget _0.4.16+svn162-3.1+lenny1_alpha.deb
Debian Linux 5.0 amd64
-
Debian iscsitarget-source_0.4.16+svn162-3.1+lenny1_all.deb
http://security.debian.org/pool/updates/main/i/iscsitarget/iscsitarget -source_0.4.16+svn162-3.1+lenny1_all.deb -
Debian iscsitarget_0.4.16+svn162-3.1+lenny1_amd64.deb
http://security.debian.org/pool/updates/main/i/iscsitarget/iscsitarget _0.4.16+svn162-3.1+lenny1_amd64.deb
Debian Linux 5.0 ia-32
-
Debian iscsitarget-source_0.4.16+svn162-3.1+lenny1_all.deb
http://security.debian.org/pool/updates/main/i/iscsitarget/iscsitarget -source_0.4.16+svn162-3.1+lenny1_all.deb -
Debian iscsitarget_0.4.16+svn162-3.1+lenny1_i386.deb
http://security.debian.org/pool/updates/main/i/iscsitarget/iscsitarget _0.4.16+svn162-3.1+lenny1_i386.deb
Debian Linux 5.0 mips
-
Debian iscsitarget-source_0.4.16+svn162-3.1+lenny1_all.deb
http://security.debian.org/pool/updates/main/i/iscsitarget/iscsitarget -source_0.4.16+svn162-3.1+lenny1_all.deb -
Debian iscsitarget_0.4.16+svn162-3.1+lenny1_mips.deb
http://security.debian.org/pool/updates/main/i/iscsitarget/iscsitarget _0.4.16+svn162-3.1+lenny1_mips.deb
MandrakeSoft Enterprise Server 5
-
Mandriva iscsitarget-0.4.16-4.1mdvmes5.1.i586.rpm
http://www.mandriva.com/en/download/
Debian Linux 5.0 s/390
-
Debian iscsitarget-source_0.4.16+svn162-3.1+lenny1_all.deb
http://security.debian.org/pool/updates/main/i/iscsitarget/iscsitarget -source_0.4.16+svn162-3.1+lenny1_all.deb -
Debian iscsitarget_0.4.16+svn162-3.1+lenny1_s390.deb
http://security.debian.org/pool/updates/main/i/iscsitarget/iscsitarget _0.4.16+svn162-3.1+lenny1_s390.deb
Debian Linux 5.0 mipsel
-
Debian iscsitarget-source_0.4.16+svn162-3.1+lenny1_all.deb
http://security.debian.org/pool/updates/main/i/iscsitarget/iscsitarget -source_0.4.16+svn162-3.1+lenny1_all.deb -
Debian iscsitarget_0.4.16+svn162-3.1+lenny1_mipsel.deb
http://security.debian.org/pool/updates/main/i/iscsitarget/iscsitarget _0.4.16+svn162-3.1+lenny1_mipsel.deb
Debian Linux 5.0 powerpc
-
Debian iscsitarget-source_0.4.16+svn162-3.1+lenny1_all.deb
http://security.debian.org/pool/updates/main/i/iscsitarget/iscsitarget -source_0.4.16+svn162-3.1+lenny1_all.deb -
Debian iscsitarget_0.4.16+svn162-3.1+lenny1_powerpc.deb
http://security.debian.org/pool/updates/main/i/iscsitarget/iscsitarget _0.4.16+svn162-3.1+lenny1_powerpc.deb
Debian Linux 5.0 sparc
-
Debian iscsitarget-source_0.4.16+svn162-3.1+lenny1_all.deb
http://security.debian.org/pool/updates/main/i/iscsitarget/iscsitarget -source_0.4.16+svn162-3.1+lenny1_all.deb -
Debian iscsitarget_0.4.16+svn162-3.1+lenny1_sparc.deb
http://security.debian.org/pool/updates/main/i/iscsitarget/iscsitarget _0.4.16+svn162-3.1+lenny1_sparc.deb
References
iSCSI Enterprise Target and tgt Multiple Format String Vulnerabilities
References:
References:
- #574935 iscsitarget: Format string vulnerability (Florent Daigniere)
- Bug 576359 - (CVE-2010-0743) CVE-2010-0743 scsi-target-utils: format string vuln (Vincent Danen)
- iSCSI Enterprise Target Homepage (iSCSI Enterprise Target)
- iscsitarget/scsi-target-tuils format string CVE assignment (Josh Bressers)
- tgt Homepage (tgt Project)