lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <20100702191758.66929680199@sticky.vrt.telus.com>
Date: Fri,  2 Jul 2010 15:17:58 -0400 (EDT)
From: TELUS Security Labs - Vulnerability Research <noreply@...us.com>
To: full-disclosure@...ts.grok.org.uk
Subject: TELUS Security Labs VR - iSCSI target Multiple
	Implementations iSNS	Stack Buffer Overflow

iSCSI target Multiple Implementations iSNS Stack Buffer Overflow

TSL ID: FSC20100701-01

1. Affected Software

  iSCSI Enterprise Project iscsitarget 1.4.20.1 and prior
  SCST project iscsi-scst 1.0.1.1 and prior
  tgt project tgt 1.0.5 and prior

References: 

   http://iscsitarget.sourceforge.net/
   http://scst.sourceforge.net/
   http://stgt.sourceforge.net/

2. Vulnerability Summary

A stack buffer overflow vulnerability exist in iscsitarget, an open implementation of iSCSI Enterprise Target. The vulnerability is caused by insufficient boundary checking while processing iSNS messages. A remote attacker can leverage this vulnerability to inject and execute arbitrary code on a vulnerable system.

3. Vulnerability Analysis

Successful exploitation of this vulnerability can result in a complete compromise of the target system. In an unsuccessful attack attempt, the vulnerable system may abnormally terminate.

4. Vulnerability Detection

TELUS Security Labs has confirmed the vulnerability in:

  iSCSI Enterprise Project iscsitarget 1.4.20.1 and prior
  SCST project iscsi-scst 1.0.1.1 and prior
  tgt project tgt 1.0.5 and prior

5. Workaround

Disable or uninstall the affected module.

6. Vendor Response

Patches have been made available to eliminate this vulnerability:

http://sourceforge.net/mailarchive/forum.php?thread_name=E2BB8074E5500C42984D980D4BD78EF904075006%40MFG-NYC-EXCH2.mfg.prv&forum_name=iscsitarget-devel


7. Disclosure Timeline

  2010-05-18 Reported to vendor
  2010-05-18 Initial vendor response
  2010-07-01 Coordinated public disclosure

8. Credits

Vulnerability Research Team, TELUS Security Labs

9. References

  CVE: CVE-2010-2221
  Vendor: Not available

10. About TELUS Security Labs

TELUS Security Labs, formerly Assurent Secure Technologies is the leading provider of security research. Our research 
services include:

    * Vulnerability Research
    * Malware Research
    * Signature Development
    * Shellcode Exploit Development
    * Application Protocols
    * Product Security Testing
    * Security Content Development (parsers, reports, alerts)

TELUS Security Labs provides a specialized portfolio of services to assist security product vendors with newly discovered commercial product vulnerabilities and malware attacks. Many of our services are provided on a subscription basis to reduce research costs for our customers. Over 50 of the world's leading security product vendors rely on TELUS Security Labs research.

http://www.telussecuritylabs.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ