Multiple format string vulnerabilities in isns.c in (1) Linux SCSI target framework (aka tgt or scsi-target-utils) 1.0.3, 0.9.5, and earlier and (2) iSCSI Enterprise Target (aka iscsitarget) 0.4.16 allow remote attackers to cause a denial of service (tgtd daemon crash) or possibly have unspecified other impact via vectors that involve the isns_attr_query and qry_rsp_handle functions, and are related to (a) client appearance and (b) client disappearance messages.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-134,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| iscsitarget | iscsitarget | 0.4.16 |
| zaal | tgt | 1.0.3 |
| zaal | tgt | * |
Multiple buffer overflows in the iSNS implementation in isns.c in (1) Linux SCSI target framework (aka tgt or scsi-target-utils) before 1.0.6, (2) iSCSI Enterprise Target (aka iscsitarget or IET) 1.4.20.1 and earlier, and (3) Generic SCSI Target Subsystem for Linux (aka SCST or iscsi-scst) 1.0.1.1 and earlier allow remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via (a) a long iSCSI Name string in an SCN message or (b) an invalid PDU.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vladislav_bolkhovitin | generic_scsi_target_subsystem | 1.0.0 |
| arne_redlich_&_ross_walker | iscsitarget | 1.4.18 |
| zaal | tgt | * |
| arne_redlich_&_ross_walker | iscsitarget | 0.3.1 |
| arne_redlich_&_ross_walker | iscsitarget | 0.4.9 |
| arne_redlich_&_ross_walker | iscsitarget | 0.3.5 |
| arne_redlich_&_ross_walker | iscsitarget | 0.4.6 |
| vladislav_bolkhovitin | generic_scsi_target_subsystem | 0.9.5 |
| zaal | tgt | 1.0.3 |
| arne_redlich_&_ross_walker | iscsitarget | 0.4.4 |
| arne_redlich_&_ross_walker | iscsitarget | 0.3.4 |
| arne_redlich_&_ross_walker | iscsitarget | 0.4.7 |
| vladislav_bolkhovitin | generic_scsi_target_subsystem | 0.9.3 |
| arne_redlich_&_ross_walker | iscsitarget | 0.4.13 |
| arne_redlich_&_ross_walker | iscsitarget | 0.2.6 |
| arne_redlich_&_ross_walker | iscsitarget | 0.4.5 |
| arne_redlich_&_ross_walker | iscsitarget | 0.4.15 |
| arne_redlich_&_ross_walker | iscsitarget | 0.4.2 |
| vladislav_bolkhovitin | generic_scsi_target_subsystem | 0.9.2 |
| zaal | tgt | 1.0.0 |
| arne_redlich_&_ross_walker | iscsitarget | 0.3.2 |
| arne_redlich_&_ross_walker | iscsitarget | 0.4.12 |
| arne_redlich_&_ross_walker | iscsitarget | 0.2.2 |
| vladislav_bolkhovitin | generic_scsi_target_subsystem | 0.9.1 |
| arne_redlich_&_ross_walker | iscsitarget | 0.2.5 |
| arne_redlich_&_ross_walker | iscsitarget | 0.4.3 |
| arne_redlich_&_ross_walker | iscsitarget | 0.4.10 |
| vladislav_bolkhovitin | generic_scsi_target_subsystem | 0.9.5.2 |
| arne_redlich_&_ross_walker | iscsitarget | 0.3.3 |
| arne_redlich_&_ross_walker | iscsitarget | 0.2.0 |
| arne_redlich_&_ross_walker | iscsitarget | 0.3.8 |
| arne_redlich_&_ross_walker | iscsitarget | 0.4.8 |
| arne_redlich_&_ross_walker | iscsitarget | 0.3.6 |
| arne_redlich_&_ross_walker | iscsitarget | 0.2.3 |
| arne_redlich_&_ross_walker | iscsitarget | 0.1.0 |
| arne_redlich_&_ross_walker | iscsitarget | * |
| arne_redlich_&_ross_walker | iscsitarget | 0.3.0 |
| arne_redlich_&_ross_walker | iscsitarget | 0.4.11 |
| arne_redlich_&_ross_walker | iscsitarget | 0.4.14 |
| vladislav_bolkhovitin | generic_scsi_target_subsystem | 0.9.0a |
| zaal | tgt | 0.9.5 |
| arne_redlich_&_ross_walker | iscsitarget | 0.4.1 |
| vladislav_bolkhovitin | generic_scsi_target_subsystem | 0.9.4 |
| vladislav_bolkhovitin | generic_scsi_target_subsystem | 0.9.5.1 |
| arne_redlich_&_ross_walker | iscsitarget | 1.4.19 |
| arne_redlich_&_ross_walker | iscsitarget | 0.2.1 |
| arne_redlich_&_ross_walker | iscsitarget | 0.4.0 |
| vladislav_bolkhovitin | generic_scsi_target_subsystem | * |
| arne_redlich_&_ross_walker | iscsitarget | 0.3.7 |
| arne_redlich_&_ross_walker | iscsitarget | 0.4.16 |
| zaal | tgt | 1.0.4 |
| arne_redlich_&_ross_walker | iscsitarget | 0.4.17 |
| zaal | tgt | 1.0.1 |
| zaal | tgt | 1.0.2 |
| arne_redlich_&_ross_walker | iscsitarget | 0.2.4 |
Double free vulnerability in the iscsi_rx_handler function (usr/iscsi/iscsid.c) in the tgt daemon (tgtd) in Linux SCSI target framework (tgt) before 1.0.14, aka scsi-target-utils, allows remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via unknown vectors related to a buffer overflow during iscsi login. NOTE: some of these details are obtained from third party information.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| zaal | tgt | 1.0.8 |
| zaal | tgt | 1.0.10 |
| zaal | tgt | 1.0.11 |
| zaal | tgt | 1.0.9 |
| zaal | tgt | * |
| zaal | tgt | 0.9.5 |
| zaal | tgt | 1.0.12 |
| zaal | tgt | 1.0.5 |
| zaal | tgt | 1.0.6 |
| zaal | tgt | 1.0.3 |
| zaal | tgt | 1.0.7 |
| zaal | tgt | 1.0.4 |
| zaal | tgt | 1.0.0 |
| zaal | tgt | 1.0.1 |
| zaal | tgt | 1.0.2 |