Vulnerabilities > CVE-2010-0743 - Use of Externally-Controlled Format String vulnerability in multiple products
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Multiple format string vulnerabilities in isns.c in (1) Linux SCSI target framework (aka tgt or scsi-target-utils) 1.0.3, 0.9.5, and earlier and (2) iSCSI Enterprise Target (aka iscsitarget) 0.4.16 allow remote attackers to cause a denial of service (tgtd daemon crash) or possibly have unspecified other impact via vectors that involve the isns_attr_query and qry_rsp_handle functions, and are related to (a) client appearance and (b) client disappearance messages.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 | |
| Application | 1 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Format String Injection An attacker includes formatting characters in a string input field on the target application. Most applications assume that users will provide static text and may respond unpredictably to the presence of formatting character. For example, in certain functions of the C programming languages such as printf, the formatting character %s will print the contents of a memory location expecting this location to identify a string and the formatting character %n prints the number of DWORD written in the memory. An attacker can use this to read or write to memory locations or files, or simply to manipulate the value of the resulting text in unexpected ways. Reading or writing memory may result in program crashes and writing memory could result in the execution of arbitrary code if the attacker can write to the program stack.
- String Format Overflow in syslog() This attack targets the format string vulnerabilities in the syslog() function. An attacker would typically inject malicious input in the format string parameter of the syslog function. This is a common problem, and many public vulnerabilities and associated exploits have been posted.
Nessus
NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2010-0362.NASL description From Red Hat Security Advisory 2010:0362 : An updated scsi-target-utils package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The scsi-target-utils package contains the daemon and tools to set up and monitor SCSI targets. Currently, iSCSI software and iSER targets are supported. A format string flaw was found in scsi-target-utils last seen 2020-06-01 modified 2020-06-02 plugin id 68034 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68034 title Oracle Linux 5 : scsi-target-utils (ELSA-2010-0362) NASL family SuSE Local Security Checks NASL id SUSE_11_2_TGT-100805.NASL description This update of iscscitarget/tgt fixes multiple overflows and a format string vulnerability : - CVE-2010-2221: CVSS v2 Base Score: 5.0 (MEDIUM) (AV:N/AC:L/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119) - CVE-2010-0743: CVSS v2 Base Score: 5.0 (MEDIUM) (AV:N/AC:L/Au:N/C:N/I:N/A:P): Format String Vulnerability (CWE-134) last seen 2020-06-01 modified 2020-06-02 plugin id 49216 published 2010-09-14 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/49216 title openSUSE Security Update : tgt (openSUSE-SU-2010:0608-1) NASL family SuSE Local Security Checks NASL id SUSE_11_TGT-100819.NASL description This update of tgt fixes multiple overflows and a format string vulnerability : - CVE-2010-2221: CVSS v2 Base Score: 5.0 (MEDIUM) (AV:N/AC:L/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119) - CVE-2010-0743: CVSS v2 Base Score: 5.0 (MEDIUM) (AV:N/AC:L/Au:N/C:N/I:N/A:P): Format String Vulnerability (CWE-134) last seen 2020-06-01 modified 2020-06-02 plugin id 50964 published 2010-12-02 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/50964 title SuSE 11 / 11.1 Security Update : tgt (SAT Patch Numbers 2958 / 2959) NASL family SuSE Local Security Checks NASL id SUSE_11_ISCSITARGET-100903.NASL description This update of iscscitarget/tgt fixes multiple overflows and a format string vulnerability : - CVE-2010-2221: CVSS v2 Base Score: 5.0 (MEDIUM) (AV:N/AC:L/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119) - CVE-2010-0743: CVSS v2 Base Score: 5.0 (MEDIUM) (AV:N/AC:L/Au:N/C:N/I:N/A:P): Format String Vulnerability (CWE-134) last seen 2020-06-01 modified 2020-06-02 plugin id 51603 published 2011-01-21 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/51603 title SuSE 11.1 Security Update : iSCSI (SAT Patch Number 2879) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201201-06.NASL description The remote host is affected by the vulnerability described in GLSA-201201-06 (iSCSI Enterprise Target: Arbitrary code execution) Multiple functions in usr/iscsi/isns.c of iSCSI Enterprise Target contain format string errors. Impact : A remote attacker could send a specially crafted Internet Storage Name Service (iSNS) request, possibly resulting in the execution of arbitrary code with root privileges or cause a Denial of Service. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 57648 published 2012-01-24 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/57648 title GLSA-201201-06 : iSCSI Enterprise Target: Arbitrary code execution NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2042.NASL description Florent Daigniere discovered multiple format string vulnerabilities in Linux SCSI target framework (which is known as iscsitarget under Debian) allow remote attackers to cause a denial of service in the ietd daemon. The flaw could be trigger by sending a carefully-crafted Internet Storage Name Service (iSNS) request. last seen 2020-06-01 modified 2020-06-02 plugin id 46243 published 2010-05-07 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/46243 title Debian DSA-2042-1 : iscsitarget - format string NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1427.NASL description According to the versions of the scsi-target-utils package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Multiple buffer overflows in the iSNS implementation in isns.c in (1) Linux SCSI target framework (aka tgt or scsi-target-utils) before 1.0.6, (2) iSCSI Enterprise Target (aka iscsitarget or IET) 1.4.20.1 and earlier, and (3) Generic SCSI Target Subsystem for Linux (aka SCST or iscsi-scst) 1.0.1.1 and earlier allow remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via (a) a long iSCSI Name string in an SCN message or (b) an invalid PDU.(CVE-2010-2221) - Multiple format string vulnerabilities in isns.c in (1) Linux SCSI target framework (aka tgt or scsi-target-utils) 1.0.3, 0.9.5, and earlier and (2) iSCSI Enterprise Target (aka iscsitarget) 0.4.16 allow remote attackers to cause a denial of service (tgtd daemon crash) or possibly have unspecified other impact via vectors that involve the isns_attr_query and qry_rsp_handle functions, and are related to (a) client appearance and (b) client disappearance messages.(CVE-2010-0743) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 124930 published 2019-05-14 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124930 title EulerOS Virtualization 3.0.1.0 : scsi-target-utils (EulerOS-SA-2019-1427) NASL family SuSE Local Security Checks NASL id SUSE_11_3_ISCSITARGET-100805.NASL description This update of iscscitarget/tgt fixes multiple overflows and a format string vulnerability : - CVE-2010-2221: CVSS v2 Base Score: 5.0 (MEDIUM) (AV:N/AC:L/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119) - CVE-2010-0743: CVSS v2 Base Score: 5.0 (MEDIUM) (AV:N/AC:L/Au:N/C:N/I:N/A:P): Format String Vulnerability (CWE-134) last seen 2020-06-01 modified 2020-06-02 plugin id 75531 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75531 title openSUSE Security Update : iscsitarget (openSUSE-SU-2010:0604-1) NASL family SuSE Local Security Checks NASL id SUSE_11_1_ISCSITARGET-100804.NASL description This update of iscscitarget/tgt fixes multiple overflows and a format string vulnerability : - CVE-2010-2221: CVSS v2 Base Score: 5.0 (MEDIUM) (AV:N/AC:L/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119) - CVE-2010-0743: CVSS v2 Base Score: 5.0 (MEDIUM) (AV:N/AC:L/Au:N/C:N/I:N/A:P): Format String Vulnerability (CWE-134) last seen 2020-06-01 modified 2020-06-02 plugin id 49213 published 2010-09-14 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/49213 title openSUSE Security Update : iscsitarget (openSUSE-SU-2010:0604-1) NASL family Scientific Linux Local Security Checks NASL id SL_20100420_SCSI_TARGET_UTILS_ON_SL5_X.NASL description A format string flaw was found in scsi-target-utils last seen 2020-06-01 modified 2020-06-02 plugin id 60783 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60783 title Scientific Linux Security Update : scsi-target-utils on SL5.x i386/x86_64 NASL family SuSE Local Security Checks NASL id SUSE_11_2_ISCSITARGET-100805.NASL description This update of iscscitarget/tgt fixes multiple overflows and a format string vulnerability : - CVE-2010-2221: CVSS v2 Base Score: 5.0 (MEDIUM) (AV:N/AC:L/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119) - CVE-2010-0743: CVSS v2 Base Score: 5.0 (MEDIUM) (AV:N/AC:L/Au:N/C:N/I:N/A:P): Format String Vulnerability (CWE-134) last seen 2020-06-01 modified 2020-06-02 plugin id 49215 published 2010-09-14 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/49215 title openSUSE Security Update : iscsitarget (openSUSE-SU-2010:0604-1) NASL family SuSE Local Security Checks NASL id SUSE_11_1_TGT-100805.NASL description This update of iscscitarget/tgt fixes multiple overflows and a format string vulnerability : - CVE-2010-2221: CVSS v2 Base Score: 5.0 (MEDIUM) (AV:N/AC:L/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119) - CVE-2010-0743: CVSS v2 Base Score: 5.0 (MEDIUM) (AV:N/AC:L/Au:N/C:N/I:N/A:P): Format String Vulnerability (CWE-134) last seen 2020-06-01 modified 2020-06-02 plugin id 49214 published 2010-09-14 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/49214 title openSUSE Security Update : tgt (openSUSE-SU-2010:0608-1) NASL family SuSE Local Security Checks NASL id SUSE_11_3_TGT-100805.NASL description This update of iscscitarget/tgt fixes multiple overflows and a format string vulnerability : - CVE-2010-2221: CVSS v2 Base Score: 5.0 (MEDIUM) (AV:N/AC:L/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119) - CVE-2010-0743: CVSS v2 Base Score: 5.0 (MEDIUM) (AV:N/AC:L/Au:N/C:N/I:N/A:P): Format String Vulnerability (CWE-134) last seen 2020-06-01 modified 2020-06-02 plugin id 75757 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75757 title openSUSE Security Update : tgt (openSUSE-SU-2010:0608-1) NASL family SuSE Local Security Checks NASL id SUSE_ISCSITARGET-7109.NASL description This update of iscscitarget/tgt fixes multiple overflows and a format string vulnerability : - CVE-2010-2221: CVSS v2 Base Score: 5.0 (MEDIUM) (AV:N/AC:L/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119) - CVE-2010-0743: CVSS v2 Base Score: 5.0 (MEDIUM) (AV:N/AC:L/Au:N/C:N/I:N/A:P): Format String Vulnerability (CWE-134) last seen 2020-06-01 modified 2020-06-02 plugin id 49858 published 2010-10-11 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/49858 title SuSE 10 Security Update : iscsitarget (ZYPP Patch Number 7109) NASL family SuSE Local Security Checks NASL id SUSE_11_ISCSITARGET-100804.NASL description This update of iscscitarget/tgt fixes multiple overflows and a format string vulnerability : - CVE-2010-2221: CVSS v2 Base Score: 5.0 (MEDIUM) (AV:N/AC:L/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119) - CVE-2010-0743: CVSS v2 Base Score: 5.0 (MEDIUM) (AV:N/AC:L/Au:N/C:N/I:N/A:P): Format String Vulnerability (CWE-134) last seen 2020-06-01 modified 2020-06-02 plugin id 50914 published 2010-12-02 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/50914 title SuSE 11 Security Update : iSCSI (SAT Patch Number 2878) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2010-0362.NASL description An updated scsi-target-utils package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The scsi-target-utils package contains the daemon and tools to set up and monitor SCSI targets. Currently, iSCSI software and iSER targets are supported. A format string flaw was found in scsi-target-utils last seen 2020-06-01 modified 2020-06-02 plugin id 46757 published 2010-06-01 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/46757 title CentOS 5 : scsi-target-utils (CESA-2010:0362) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2010-0362.NASL description An updated scsi-target-utils package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The scsi-target-utils package contains the daemon and tools to set up and monitor SCSI targets. Currently, iSCSI software and iSER targets are supported. A format string flaw was found in scsi-target-utils last seen 2020-06-01 modified 2020-06-02 plugin id 63927 published 2013-01-24 reporter This script is Copyright (C) 2013-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/63927 title RHEL 5 : scsi-target-utils (RHSA-2010:0362)
Oval
| accepted | 2013-04-29T04:12:39.733-04:00 | ||||||||||||
| class | vulnerability | ||||||||||||
| contributors |
| ||||||||||||
| definition_extensions |
| ||||||||||||
| description | Multiple format string vulnerabilities in isns.c in (1) Linux SCSI target framework (aka tgt or scsi-target-utils) 1.0.3, 0.9.5, and earlier and (2) iSCSI Enterprise Target (aka iscsitarget) 0.4.16 allow remote attackers to cause a denial of service (tgtd daemon crash) or possibly have unspecified other impact via vectors that involve the isns_attr_query and qry_rsp_handle functions, and are related to (a) client appearance and (b) client disappearance messages. | ||||||||||||
| family | unix | ||||||||||||
| id | oval:org.mitre.oval:def:11248 | ||||||||||||
| status | accepted | ||||||||||||
| submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||
| title | Multiple format string vulnerabilities in isns.c in (1) Linux SCSI target framework (aka tgt or scsi-target-utils) 1.0.3, 0.9.5, and earlier and (2) iSCSI Enterprise Target (aka iscsitarget) 0.4.16 allow remote attackers to cause a denial of service (tgtd daemon crash) or possibly have unspecified other impact via vectors that involve the isns_attr_query and qry_rsp_handle functions, and are related to (a) client appearance and (b) client disappearance messages. | ||||||||||||
| version | 18 |
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||
| rpms |
|
References
- http://marc.info/?l=oss-security&m=127005132403189&w=2
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=574935
- http://www.securityfocus.com/bid/39127
- https://bugzilla.redhat.com/show_bug.cgi?id=576359
- http://secunia.com/advisories/39142
- http://secunia.com/advisories/39726
- http://www.debian.org/security/2010/dsa-2042
- http://www.vupen.com/english/advisories/2010/1786
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:131
- http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/57496
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11248
- http://git.kernel.org/?p=linux/kernel/git/tomo/tgt.git%3Ba=commit%3Bh=107d922706cd36f3bb79bcca9bc4678c32f22e59