iSCSI target Multiple Implementations iSNS Stack Buffer Overflow

TSL ID: FSC20100701-01

1. Affected Software

  iSCSI Enterprise Project iscsitarget 1.4.20.1 and prior
  SCST project iscsi-scst 1.0.1.1 and prior
  tgt project tgt 1.0.5 and prior

References: 

   http://iscsitarget.sourceforge.net/
   http://scst.sourceforge.net/
   http://stgt.sourceforge.net/

2. Vulnerability Summary

A stack buffer overflow vulnerability exist in iscsitarget, an open implementation of iSCSI Enterprise Target. The vulnerability is caused by insufficient boundary checking while processing iSNS messages. A remote attacker can leverage this vulnerability to inject and execute arbitrary code on a vulnerable system.

3. Vulnerability Analysis

Successful exploitation of this vulnerability can result in a complete compromise of the target system. In an unsuccessful attack attempt, the vulnerable system may abnormally terminate.

4. Vulnerability Detection

TELUS Security Labs has confirmed the vulnerability in:

  iSCSI Enterprise Project iscsitarget 1.4.20.1 and prior
  SCST project iscsi-scst 1.0.1.1 and prior
  tgt project tgt 1.0.5 and prior

5. Workaround

Disable or uninstall the affected module.

6. Vendor Response

Patches have been made available to eliminate this vulnerability:

http://sourceforge.net/mailarchive/forum.php?thread_name=E2BB8074E5500C42984D980D4BD78EF904075006%40MFG-NYC-EXCH2.mfg.prv&forum_name=iscsitarget-devel


7. Disclosure Timeline

  2010-05-18 Reported to vendor
  2010-05-18 Initial vendor response
  2010-07-01 Coordinated public disclosure

8. Credits

Vulnerability Research Team, TELUS Security Labs

9. References

  CVE: CVE-2010-2221
  Vendor: Not available

10. About TELUS Security Labs

TELUS Security Labs, formerly Assurent Secure Technologies is the leading provider of security research. Our research 
services include:

    * Vulnerability Research
    * Malware Research
    * Signature Development
    * Shellcode Exploit Development
    * Application Protocols
    * Product Security Testing
    * Security Content Development (parsers, reports, alerts)

TELUS Security Labs provides a specialized portfolio of services to assist security product vendors with newly discovered commercial product vulnerabilities and malware attacks. Many of our services are provided on a subscription basis to reduce research costs for our customers. Over 50 of the world's leading security product vendors rely on TELUS Security Labs research.

http://www.telussecuritylabs.com/