Candidate: CVE-2010-0743 PublicDate: 2010-04-08 17:30:00 UTC References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0743 Description: Multiple format string vulnerabilities in isns.c in (1) Linux SCSI target framework (aka tgt or scsi-target-utils) 1.0.3, 0.9.5, and earlier and (2) iSCSI Enterprise Target (aka iscsitarget) 0.4.16 allow remote attackers to cause a denial of service (tgtd daemon crash) or possibly have unspecified other impact via vectors that involve the isns_attr_query and qry_rsp_handle functions, and are related to (a) client appearance and (b) client disappearance messages. Ubuntu-Description: Notes: jdstrand> iscsitarget and tgt have stack protector in 8.04 LTS and higher, so this is a DoS at most. Bugs: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=574935 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=576086 https://bugzilla.redhat.com/show_bug.cgi?id=576359 Priority: medium Discovered-by: Florent Daigniere Assigned-to: CVSS: Tags_iscsitarget: stack-protector Patches_iscsitarget: upstream: http://scst.svn.sourceforge.net/viewvc/scst/trunk/iscsi-scst/usr/isns.c?r1=644&r2=649 upstream_iscsitarget: released (1.4.20.2-1) dapper_iscsitarget: DNE hardy_iscsitarget: ignored (reached end-of-life) intrepid_iscsitarget: ignored (reached end-of-life) jaunty_iscsitarget: ignored (reached end-of-life) karmic_iscsitarget: ignored (reached end-of-life) lucid_iscsitarget: ignored (reached end-of-life) maverick_iscsitarget: not-affected (1.4.20.2-1ubuntu1) natty_iscsitarget: not-affected oneiric_iscsitarget: not-affected precise_iscsitarget: not-affected quantal_iscsitarget: not-affected raring_iscsitarget: not-affected saucy_iscsitarget: not-affected devel_iscsitarget: not-affected Tags_tgt: stack-protector Patches_tgt: upstream: http://git.kernel.org/?p=linux/kernel/git/tomo/tgt.git;a=commitdiff;h=107d922706cd36f3bb79bcca9bc4678c32f22e59 upstream_tgt: released (1:1.0.3-2) dapper_tgt: DNE hardy_tgt: ignored (reached end-of-life) jaunty_tgt: ignored (reached end-of-life) karmic_tgt: ignored (reached end-of-life) lucid_tgt: ignored (reached end-of-life) maverick_tgt: not-affected (1:1.0.4-1ubuntu4) natty_tgt: not-affected (1:1.0.4-1ubuntu4) oneiric_tgt: not-affected (1:1.0.4-1ubuntu4) precise_tgt: not-affected (1:1.0.4-1ubuntu4) quantal_tgt: not-affected (1:1.0.4-1ubuntu4) raring_tgt: not-affected (1:1.0.4-1ubuntu4) saucy_tgt: not-affected (1:1.0.4-1ubuntu4) devel_tgt: not-affected (1:1.0.4-1ubuntu4)