| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 2 Jul 2010 15:17:58 -0400 (EDT)
From: TELUS Security Labs - Vulnerability Research <noreply@...us.com>
To: full-disclosure@...ts.grok.org.uk
Subject: TELUS Security Labs VR - iSCSI target Multiple
Implementations iSNS Stack Buffer Overflow
iSCSI target Multiple Implementations iSNS Stack Buffer Overflow
TSL ID: FSC20100701-01
1. Affected Software
iSCSI Enterprise Project iscsitarget 1.4.20.1 and prior
SCST project iscsi-scst 1.0.1.1 and prior
tgt project tgt 1.0.5 and prior
References:
http://iscsitarget.sourceforge.net/
http://scst.sourceforge.net/
http://stgt.sourceforge.net/
2. Vulnerability Summary
A stack buffer overflow vulnerability exist in iscsitarget, an open implementation of iSCSI Enterprise Target. The vulnerability is caused by insufficient boundary checking while processing iSNS messages. A remote attacker can leverage this vulnerability to inject and execute arbitrary code on a vulnerable system.
3. Vulnerability Analysis
Successful exploitation of this vulnerability can result in a complete compromise of the target system. In an unsuccessful attack attempt, the vulnerable system may abnormally terminate.
4. Vulnerability Detection
TELUS Security Labs has confirmed the vulnerability in:
iSCSI Enterprise Project iscsitarget 1.4.20.1 and prior
SCST project iscsi-scst 1.0.1.1 and prior
tgt project tgt 1.0.5 and prior
5. Workaround
Disable or uninstall the affected module.
6. Vendor Response
Patches have been made available to eliminate this vulnerability:
http://sourceforge.net/mailarchive/forum.php?thread_name=E2BB8074E5500C42984D980D4BD78EF904075006%40MFG-NYC-EXCH2.mfg.prv&forum_name=iscsitarget-devel
7. Disclosure Timeline
2010-05-18 Reported to vendor
2010-05-18 Initial vendor response
2010-07-01 Coordinated public disclosure
8. Credits
Vulnerability Research Team, TELUS Security Labs
9. References
CVE: CVE-2010-2221
Vendor: Not available
10. About TELUS Security Labs
TELUS Security Labs, formerly Assurent Secure Technologies is the leading provider of security research. Our research
services include:
* Vulnerability Research
* Malware Research
* Signature Development
* Shellcode Exploit Development
* Application Protocols
* Product Security Testing
* Security Content Development (parsers, reports, alerts)
TELUS Security Labs provides a specialized portfolio of services to assist security product vendors with newly discovered commercial product vulnerabilities and malware attacks. Many of our services are provided on a subscription basis to reduce research costs for our customers. Over 50 of the world's leading security product vendors rely on TELUS Security Labs research.
http://www.telussecuritylabs.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists