CVE-2011-0001 - Resource Management Errors vulnerability in Zaal TGT

CVSS 0.0 - NONE
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN

Summary

Double free vulnerability in the iscsi_rx_handler function (usr/iscsi/iscsid.c) in the tgt daemon (tgtd) in Linux SCSI target framework (tgt) before 1.0.14, aka scsi-target-utils, allows remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via unknown vectors related to a buffer overflow during iscsi login. NOTE: some of these details are obtained from third party information.

Common Weakness Enumeration (CWE)

Nessus

  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2011-0332.NASL
    description: From Red Hat Security Advisory 2011:0332 : An updated scsi-target-utils package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The scsi-target-utils package contains the daemon and tools to set up and monitor SCSI targets. Currently, iSCSI software and iSER targets are supported. A double-free flaw was found in scsi-target-utils
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 68223
    published: 2013-07-12
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/68223
    title: Oracle Linux 5 / 6 : scsi-target-utils (ELSA-2011-0332)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2011:0332 and 
    # Oracle Linux Security Advisory ELSA-2011-0332 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(68223);
      script_version("1.7");
      script_cvs_date("Date: 2019/10/25 13:36:09");
    
      script_cve_id("CVE-2011-0001");
      script_xref(name:"RHSA", value:"2011:0332");
    
      script_name(english:"Oracle Linux 5 / 6 : scsi-target-utils (ELSA-2011-0332)");
      script_summary(english:"Checks rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2011:0332 :
    
    An updated scsi-target-utils package that fixes one security issue is
    now available for Red Hat Enterprise Linux 5 and 6.
    
    The Red Hat Security Response Team has rated this update as having
    important security impact. A Common Vulnerability Scoring System
    (CVSS) base score, which gives a detailed severity rating, is
    available from the CVE link in the References section.
    
    The scsi-target-utils package contains the daemon and tools to set up
    and monitor SCSI targets. Currently, iSCSI software and iSER targets
    are supported.
    
    A double-free flaw was found in scsi-target-utils' tgtd daemon. A
    remote attacker could trigger this flaw by sending carefully-crafted
    network traffic, causing the tgtd daemon to crash. (CVE-2011-0001)
    
    Red Hat would like to thank Emmanuel Bouillon of NATO C3 Agency for
    reporting this issue.
    
    All scsi-target-utils users should upgrade to this updated package,
    which contains a backported patch to correct this issue. All running
    scsi-target-utils services must be restarted for the update to take
    effect."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2011-March/001982.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2011-March/001985.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected scsi-target-utils package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:scsi-target-utils");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2011/03/15");
      script_set_attribute(attribute:"patch_publication_date", value:"2011/03/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(5|6)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 5 / 6", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL5", reference:"scsi-target-utils-1.0.8-0.el5_6.1")) flag++;
    
    if (rpm_check(release:"EL6", reference:"scsi-target-utils-1.0.4-3.el6_0.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "scsi-target-utils");
    }
    
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2011-0332.NASL
    description: An updated scsi-target-utils package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The scsi-target-utils package contains the daemon and tools to set up and monitor SCSI targets. Currently, iSCSI software and iSER targets are supported. A double-free flaw was found in scsi-target-utils
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 52605
    published: 2011-03-10
    reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/52605
    title: RHEL 5 / 6 : scsi-target-utils (RHSA-2011:0332)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2011-8890.NASL
    description: fix double-free vulnerability leads to pre-authenticated crash; fix iscsi target outgoing user binding broken unexpectedly. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 55546
    published: 2011-07-11
    reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/55546
    title: Fedora 15 : scsi-target-utils-1.0.18-1.fc15 (2011-8890)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_TGT-110418.NASL
    description: This update of tgt fixes multiple bugs : - tgtadm user unbind broken [bnc#633111] - iscsitarget package not supported [bnc#513934] - iscsitarget vs. tgt (and /etc/ietd.conf) [bnc#598927] - tgt fix double free() flaw [bnc#665415, CVE-2011-0001]
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 53638
    published: 2011-05-04
    reporter: This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/53638
    title: SuSE 11.1 Security Update : tgt (SAT Patch Number 4409)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-1156-1.NASL
    description: It was discovered that tgt incorrectly handled long iSCSI name strings, and invalid PDUs. A remote attacker could exploit this to cause tgt to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 10.10. (CVE-2010-2221) Emmanuel Bouillon discovered that tgt incorrectly handled certain iSCSI logins. A remote attacker could exploit this to cause tgt to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2011-0001). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 55283
    published: 2011-06-21
    reporter: Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/55283
    title: Ubuntu 10.10 / 11.04 : tgt vulnerabilities (USN-1156-1)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2011-8930.NASL
    description: fix double-free vulnerability leads to pre-authenticated crash; fix iscsi target outgoing user binding broken unexpectedly. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 55559
    published: 2011-07-12
    reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/55559
    title: Fedora 14 : scsi-target-utils-1.0.18-1.fc14 (2011-8930)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-2209.NASL
    description: Emmanuel Bouillon discovered a double free in tgt, the Linux SCSI target user-space tools, which could lead to denial of service. The oldstable distribution (lenny) doesn
    last seen: 2020-03-17
    modified: 2011-04-04
    plugin id: 53259
    published: 2011-04-04
    reporter: This script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/53259
    title: Debian DSA-2209-1 : tgt - double free
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2011-0332.NASL
    description: An updated scsi-target-utils package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The scsi-target-utils package contains the daemon and tools to set up and monitor SCSI targets. Currently, iSCSI software and iSER targets are supported. A double-free flaw was found in scsi-target-utils
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 53426
    published: 2011-04-15
    reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/53426
    title: CentOS 5 : scsi-target-utils (CESA-2011:0332)
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20110309_SCSI_TARGET_UTILS_ON_SL5_X.NASL
    description: A double-free flaw was found in scsi-target-utils
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 60983
    published: 2012-08-01
    reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/60983
    title: Scientific Linux Security Update : scsi-target-utils on SL5.x, SL6.x i386/x86_64

Red Hat

advisories
bugzilla
id: 667261
title: CVE-2011-0001 scsi-target-utils: double-free vulnerability leads to pre-authenticated crash
oval
OR
  • comment: Red Hat Enterprise Linux must be installed
    oval: oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment: Red Hat Enterprise Linux 6 is installed
      oval: oval:com.redhat.rhba:tst:20111656003
    • comment: scsi-target-utils is earlier than 0:1.0.4-3.el6_0.1
      oval: oval:com.redhat.rhsa:tst:20110332001
    • comment: scsi-target-utils is signed with Red Hat redhatrelease2 key
      oval: oval:com.redhat.rhsa:tst:20110332002
  • AND
    • comment: Red Hat Enterprise Linux 5 is installed
      oval: oval:com.redhat.rhba:tst:20070331005
    • comment: scsi-target-utils is earlier than 0:1.0.8-0.el5_6.1
      oval: oval:com.redhat.rhsa:tst:20110332004
    • comment: scsi-target-utils is signed with Red Hat redhatrelease key
      oval: oval:com.redhat.rhsa:tst:20100362002
rhsa
id: RHSA-2011:0332
released: 2011-03-09
severity: Important
title: RHSA-2011:0332: scsi-target-utils security update (Important)
rpms
  • scsi-target-utils-0:1.0.4-3.el6_0.1
  • scsi-target-utils-0:1.0.8-0.el5_6.1
  • scsi-target-utils-debuginfo-0:1.0.4-3.el6_0.1
  • scsi-target-utils-debuginfo-0:1.0.8-0.el5_6.1