CVSS: 6.8EPSS: 56%CPEs: 60EXPL: 0CVE-2010-2221 – scsi-target-utils: stack buffer overflow vulnerability
https://notcve.org/view.php?id=CVE-2010-2221
Multiple buffer overflows in the iSNS implementation in isns.c in (1) Linux SCSI target framework (aka tgt or scsi-target-utils) before 1.0.6, (2) iSCSI Enterprise Target (aka iscsitarget or IET) 1.4.20.1 and earlier, and (3) Generic SCSI Target Subsystem for Linux (aka SCST or iscsi-scst) 1.0.1.1 and earlier allow remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via (a) a long iSCSI Name string in an SCN message or (b) an invalid PDU. Múltiples desbordamientos de búfer en la implementación iSNS en isns.c en (1) Linux SCSI target framework (alias tgt o scsi-target-utils) anterior a v1.0.6, (2) iSCSI Enterprise Target (alias iscsitarget or IET) v1.4.20.1 y anteriores, y (3) Generic SCSI Target Subsystem for Linux (alias SCST or iscsi-scst) v1.0.1.1 y anteriores permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y cuelgue del demonio) o posiblemente ejecutar código arbitrario a través de (a) una cadena de nombre iSCSI largo en un mensaje SCN o (b) un PDU inválido. • http://archives.neohapsis.com/archives/bugtraq/2010-07/0022.html http://archives.neohapsis.com/archives/fulldisclosure/2010-07/0058.html http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html http://lists.wpkg.org/pipermail/stgt/2010-July/003858.html http://scst.svn.sourceforge.net/viewvc/scst/trunk/iscsi-scst/usr/isns.c?r1=1793&r2=1792&pathrev=1793 http://scst.svn.sourceforge.net/viewvc/scst?view=revision&revision=1793 http://secunia.com/advisories/40485 http:// • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 2.1EPSS: 0%CPEs: 14EXPL: 0CVE-2007-5827
https://notcve.org/view.php?id=CVE-2007-5827
iSCSI Enterprise Target (iscsitarget) 0.4.15 uses weak permissions for /etc/ietd.conf, which allows local users to obtain passwords. iSCSI Enterprise Target (iscsitarget) 0.4.15 utiliza permisos débiles para /etc/ietd.conf, lo cual permite a usuarios locales obtener las contraseñas. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=448873 http://osvdb.org/42037 http://secunia.com/advisories/27483 http://www.securityfocus.com/bid/26299 https://exchange.xforce.ibmcloud.com/vulnerabilities/38228 • CWE-264: Permissions, Privileges, and Access Controls •