ID |
CVE-2011-0001
|
Summary |
Double free vulnerability in the iscsi_rx_handler function (usr/iscsi/iscsid.c) in the tgt daemon (tgtd) in Linux SCSI target framework (tgt) before 1.0.14, aka scsi-target-utils, allows remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via unknown vectors related to a buffer overflow during iscsi login. NOTE: some of these details are obtained from third party information. |
References |
|
Vulnerable Configurations |
-
cpe:2.3:a:zaal:tgt:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:zaal:tgt:1.0.5:*:*:*:*:*:*:*
-
cpe:2.3:a:zaal:tgt:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:zaal:tgt:1.0.3:*:*:*:*:*:*:*
-
cpe:2.3:a:zaal:tgt:1.0.9:*:*:*:*:*:*:*
cpe:2.3:a:zaal:tgt:1.0.9:*:*:*:*:*:*:*
-
cpe:2.3:a:zaal:tgt:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:zaal:tgt:1.0.6:*:*:*:*:*:*:*
-
cpe:2.3:a:zaal:tgt:1.0.12:*:*:*:*:*:*:*
cpe:2.3:a:zaal:tgt:1.0.12:*:*:*:*:*:*:*
-
cpe:2.3:a:zaal:tgt:0.9.5:*:*:*:*:*:*:*
cpe:2.3:a:zaal:tgt:0.9.5:*:*:*:*:*:*:*
-
cpe:2.3:a:zaal:tgt:*:*:*:*:*:*:*:*
cpe:2.3:a:zaal:tgt:*:*:*:*:*:*:*:*
-
cpe:2.3:a:zaal:tgt:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:zaal:tgt:1.0.4:*:*:*:*:*:*:*
-
cpe:2.3:a:zaal:tgt:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:zaal:tgt:1.0.1:*:*:*:*:*:*:*
-
cpe:2.3:a:zaal:tgt:1.0.11:*:*:*:*:*:*:*
cpe:2.3:a:zaal:tgt:1.0.11:*:*:*:*:*:*:*
-
cpe:2.3:a:zaal:tgt:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:zaal:tgt:1.0.2:*:*:*:*:*:*:*
-
cpe:2.3:a:zaal:tgt:1.0.8:*:*:*:*:*:*:*
cpe:2.3:a:zaal:tgt:1.0.8:*:*:*:*:*:*:*
-
cpe:2.3:a:zaal:tgt:1.0.7:*:*:*:*:*:*:*
cpe:2.3:a:zaal:tgt:1.0.7:*:*:*:*:*:*:*
-
cpe:2.3:a:zaal:tgt:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:zaal:tgt:1.0.0:*:*:*:*:*:*:*
-
cpe:2.3:a:zaal:tgt:1.0.10:*:*:*:*:*:*:*
cpe:2.3:a:zaal:tgt:1.0.10:*:*:*:*:*:*:*
|
CVSS |
Base: | 5.0 (as of 13-02-2023 - 03:22) |
Impact: | |
Exploitability: | |
|
CWE |
CWE-399 |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
LOW |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
NONE |
NONE |
PARTIAL |
|
cvss-vector
via4
|
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
redhat
via4
|
advisories | bugzilla | id | 667261 | title | CVE-2011-0001 scsi-target-utils: double-free vulnerability leads to pre-authenticated crash |
| oval | OR | comment | Red Hat Enterprise Linux must be installed | oval | oval:com.redhat.rhba:tst:20070304026 |
AND | comment | Red Hat Enterprise Linux 6 is installed | oval | oval:com.redhat.rhba:tst:20111656003 |
comment | scsi-target-utils is earlier than 0:1.0.4-3.el6_0.1 | oval | oval:com.redhat.rhsa:tst:20110332001 |
comment | scsi-target-utils is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhsa:tst:20110332002 |
|
AND | comment | Red Hat Enterprise Linux 5 is installed | oval | oval:com.redhat.rhba:tst:20070331005 |
comment | scsi-target-utils is earlier than 0:1.0.8-0.el5_6.1 | oval | oval:com.redhat.rhsa:tst:20110332004 |
comment | scsi-target-utils is signed with Red Hat redhatrelease key | oval | oval:com.redhat.rhsa:tst:20100362002 |
|
|
| rhsa | id | RHSA-2011:0332 | released | 2011-03-09 | severity | Important | title | RHSA-2011:0332: scsi-target-utils security update (Important) |
|
| rpms | - scsi-target-utils-0:1.0.4-3.el6_0.1
- scsi-target-utils-0:1.0.8-0.el5_6.1
- scsi-target-utils-debuginfo-0:1.0.4-3.el6_0.1
- scsi-target-utils-debuginfo-0:1.0.8-0.el5_6.1
|
|
refmap
via4
|
|
Last major update |
13-02-2023 - 03:22 |
Published |
15-03-2011 - 17:55 |
Last modified |
13-02-2023 - 03:22 |