A stack buffer overflow vulnerability exist in iscsitarget, an open implementation of iSCSI Enterprise Target. The vulnerability is caused by insufficient boundary checking while processing iSNS messages. A remote attacker can leverage this vulnerability to inject and execute arbitrary code on a vulnerable system.
6fcd69274daa390cb09aab03d6ff81c49f17f973d50117e842e0491b410fefbdiSCSI target Multiple Implementations iSNS Stack Buffer Overflow
TSL ID: FSC20100701-01
1. Affected Software
iSCSI Enterprise Project iscsitarget 1.4.20.1 and prior
SCST project iscsi-scst 1.0.1.1 and prior
tgt project tgt 1.0.5 and prior
References:
http://iscsitarget.sourceforge.net/
http://scst.sourceforge.net/
http://stgt.sourceforge.net/
2. Vulnerability Summary
A stack buffer overflow vulnerability exist in iscsitarget, an open implementation of iSCSI Enterprise Target. The vulnerability is caused by insufficient boundary checking while processing iSNS messages. A remote attacker can leverage this vulnerability to inject and execute arbitrary code on a vulnerable system.
3. Vulnerability Analysis
Successful exploitation of this vulnerability can result in a complete compromise of the target system. In an unsuccessful attack attempt, the vulnerable system may abnormally terminate.
4. Vulnerability Detection
TELUS Security Labs has confirmed the vulnerability in:
iSCSI Enterprise Project iscsitarget 1.4.20.1 and prior
SCST project iscsi-scst 1.0.1.1 and prior
tgt project tgt 1.0.5 and prior
5. Workaround
Disable or uninstall the affected module.
6. Vendor Response
Patches have been made available to eliminate this vulnerability:
http://sourceforge.net/mailarchive/forum.php?thread_name=E2BB8074E5500C42984D980D4BD78EF904075006%40MFG-NYC-EXCH2.mfg.prv&forum_name=iscsitarget-devel
7. Disclosure Timeline
2010-05-18 Reported to vendor
2010-05-18 Initial vendor response
2010-07-01 Coordinated public disclosure
8. Credits
Vulnerability Research Team, TELUS Security Labs
9. References
CVE: CVE-2010-2221
Vendor: Not available
10. About TELUS Security Labs
TELUS Security Labs, formerly Assurent Secure Technologies is the leading provider of security research. Our research
services include:
* Vulnerability Research
* Malware Research
* Signature Development
* Shellcode Exploit Development
* Application Protocols
* Product Security Testing
* Security Content Development (parsers, reports, alerts)
TELUS Security Labs provides a specialized portfolio of services to assist security product vendors with newly discovered commercial product vulnerabilities and malware attacks. Many of our services are provided on a subscription basis to reduce research costs for our customers. Over 50 of the world's leading security product vendors rely on TELUS Security Labs research.
http://www.telussecuritylabs.com/
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed