3 results (0.003 seconds)

CVSS: 6.8EPSS: 56%CPEs: 60EXPL: 0

Multiple buffer overflows in the iSNS implementation in isns.c in (1) Linux SCSI target framework (aka tgt or scsi-target-utils) before 1.0.6, (2) iSCSI Enterprise Target (aka iscsitarget or IET) 1.4.20.1 and earlier, and (3) Generic SCSI Target Subsystem for Linux (aka SCST or iscsi-scst) 1.0.1.1 and earlier allow remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via (a) a long iSCSI Name string in an SCN message or (b) an invalid PDU. Múltiples desbordamientos de búfer en la implementación iSNS en isns.c en (1) Linux SCSI target framework (alias tgt o scsi-target-utils) anterior a v1.0.6, (2) iSCSI Enterprise Target (alias iscsitarget or IET) v1.4.20.1 y anteriores, y (3) Generic SCSI Target Subsystem for Linux (alias SCST or iscsi-scst) v1.0.1.1 y anteriores permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y cuelgue del demonio) o posiblemente ejecutar código arbitrario a través de (a) una cadena de nombre iSCSI largo en un mensaje SCN o (b) un PDU inválido. • http://archives.neohapsis.com/archives/bugtraq/2010-07/0022.html http://archives.neohapsis.com/archives/fulldisclosure/2010-07/0058.html http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html http://lists.wpkg.org/pipermail/stgt/2010-July/003858.html http://scst.svn.sourceforge.net/viewvc/scst/trunk/iscsi-scst/usr/isns.c?r1=1793&r2=1792&pathrev=1793 http://scst.svn.sourceforge.net/viewvc/scst?view=revision&revision=1793 http://secunia.com/advisories/40485 http:// • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •

CVSS: 5.0EPSS: 65%CPEs: 3EXPL: 0

Multiple format string vulnerabilities in isns.c in (1) Linux SCSI target framework (aka tgt or scsi-target-utils) 1.0.3, 0.9.5, and earlier and (2) iSCSI Enterprise Target (aka iscsitarget) 0.4.16 allow remote attackers to cause a denial of service (tgtd daemon crash) or possibly have unspecified other impact via vectors that involve the isns_attr_query and qry_rsp_handle functions, and are related to (a) client appearance and (b) client disappearance messages. Múltiples vulnerabilidades de formato de cadena en isns.c en (1) Linux SCSI target framework (también conocido como tgt o scsi-target-utils) v1.0.3, v0.9.5, y (2) iSCSI Enterprise Target (también conocido como iscsitarget) v0.4.16, permite a atacantes remotos provocar una denegación de servicio (caída de demonio tgtd) o posiblemente tener un acto desconocido a través de vectores que involucran a las funciones isns_attr_query y qry_rsp_handle, y que están relacionadas con los mensajes (a) "client appearance" y (b) "client disappearance". • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=574935 http://git.kernel.org/?p=linux/kernel/git/tomo/tgt.git%3Ba=commit%3Bh=107d922706cd36f3bb79bcca9bc4678c32f22e59 http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html http://marc.info/?l=oss-security&m=127005132403189&w=2 http://secunia.com/advisories/39142 http://secunia.com/advisories/39726 http://www.debian.org/security/2010/dsa-2042 http://www.mandriva.com/security/advisories?name=MDVSA-2010:131 http:/&#x • CWE-134: Use of Externally-Controlled Format String •

CVSS: 2.1EPSS: 0%CPEs: 14EXPL: 0

iSCSI Enterprise Target (iscsitarget) 0.4.15 uses weak permissions for /etc/ietd.conf, which allows local users to obtain passwords. iSCSI Enterprise Target (iscsitarget) 0.4.15 utiliza permisos débiles para /etc/ietd.conf, lo cual permite a usuarios locales obtener las contraseñas. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=448873 http://osvdb.org/42037 http://secunia.com/advisories/27483 http://www.securityfocus.com/bid/26299 https://exchange.xforce.ibmcloud.com/vulnerabilities/38228 • CWE-264: Permissions, Privileges, and Access Controls •