PublicDateAtUSN: 2010-07-08
Candidate: CVE-2010-2221
PublicDate: 2010-07-08 18:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2221
 http://archives.neohapsis.com/archives/fulldisclosure/2010-07/0058.html
 https://ubuntu.com/security/notices/USN-1156-1
Description:
 Multiple buffer overflows in the iSNS implementation in isns.c in (1) Linux
 SCSI target framework (aka tgt or scsi-target-utils) before 1.0.6, (2)
 iSCSI Enterprise Target (aka iscsitarget or IET) 1.4.20.1 and earlier, and
 (3) Generic SCSI Target Subsystem for Linux (aka SCST or iscsi-scst)
 1.0.1.1 and earlier allow remote attackers to cause a denial of service
 (memory corruption and daemon crash) or possibly execute arbitrary code via
 (a) a long iSCSI Name string in an SCN message or (b) an invalid PDU.
Ubuntu-Description:
Notes:
Bugs:
 https://bugzilla.redhat.com/show_bug.cgi?id=593877
Priority: medium
Discovered-by:
Assigned-to: mdeslaur
CVSS:

Patches_iscsitarget:
 vendor: http://www.mandriva.com/security/advisories?name=MDVSA-2010:131
 upstream: http://scst.svn.sourceforge.net/viewvc/scst?view=revision&revision=1793
upstream_iscsitarget: released (1.4.20.1-1)
dapper_iscsitarget: DNE
hardy_iscsitarget: ignored (reached end-of-life)
jaunty_iscsitarget: ignored (reached end-of-life)
karmic_iscsitarget: ignored (reached end-of-life)
lucid_iscsitarget: ignored (reached end-of-life)
maverick_iscsitarget: ignored (reached end-of-life)
natty_iscsitarget: ignored (reached end-of-life)
oneiric_iscsitarget: ignored (reached end-of-life)
precise_iscsitarget: ignored (reached end-of-life)
precise/esm_iscsitarget: DNE (precise was needed)
quantal_iscsitarget: ignored (reached end-of-life)
raring_iscsitarget: ignored (reached end-of-life)
saucy_iscsitarget: ignored (reached end-of-life)
trusty_iscsitarget: not-affected (2.4.20.3+svn499-0ubuntu2.3)
trusty/esm_iscsitarget: DNE (trusty was not-affected [2.4.20.3+svn499-0ubuntu2.3])
utopic_iscsitarget: ignored (reached end-of-life)
vivid_iscsitarget: ignored (reached end-of-life)
vivid/stable-phone-overlay_iscsitarget: DNE
vivid/ubuntu-core_iscsitarget: DNE
wily_iscsitarget: ignored (reached end-of-life)
xenial_iscsitarget: not-affected (2.4.20.3+svn499-0ubuntu2.3)
yakkety_iscsitarget: DNE
zesty_iscsitarget: DNE
artful_iscsitarget: DNE
bionic_iscsitarget: DNE
cosmic_iscsitarget: DNE
devel_iscsitarget: DNE

Patches_tgt:
 vendor: https://bugzilla.redhat.com/attachment.cgi?id=422756 (1st part)
 vendor: https://bugzilla.redhat.com/attachment.cgi?id=424334 (2nd part)
upstream_tgt: released (1.0.6)
dapper_tgt: DNE
hardy_tgt: ignored (reached end-of-life)
jaunty_tgt: ignored (reached end-of-life)
karmic_tgt: ignored (reached end-of-life)
lucid_tgt: ignored (reached end-of-life)
maverick_tgt: released (1:1.0.4-1ubuntu4.1)
natty_tgt: not-affected (1:1.0.13-0ubuntu2)
oneiric_tgt: not-affected (1:1.0.13-0ubuntu2)
precise_tgt: not-affected (1:1.0.13-0ubuntu2)
precise/esm_tgt: not-affected (1:1.0.13-0ubuntu2)
quantal_tgt: not-affected (1:1.0.13-0ubuntu2)
raring_tgt: not-affected (1:1.0.13-0ubuntu2)
saucy_tgt: not-affected (1:1.0.13-0ubuntu2)
trusty_tgt: not-affected (1:1.0.13-0ubuntu2)
trusty/esm_tgt: not-affected (1:1.0.13-0ubuntu2)
utopic_tgt: not-affected (1:1.0.13-0ubuntu2)
vivid_tgt: not-affected (1:1.0.13-0ubuntu2)
vivid/stable-phone-overlay_tgt: DNE
vivid/ubuntu-core_tgt: DNE
wily_tgt: not-affected (1:1.0.13-0ubuntu2)
xenial_tgt: not-affected (1:1.0.13-0ubuntu2)
esm-infra/xenial_tgt: not-affected (1:1.0.13-0ubuntu2)
yakkety_tgt: not-affected (1:1.0.13-0ubuntu2)
zesty_tgt: not-affected (1:1.0.13-0ubuntu2)
artful_tgt: not-affected (1:1.0.13-0ubuntu2)
bionic_tgt: not-affected (1:1.0.13-0ubuntu2)
cosmic_tgt: not-affected (1:1.0.13-0ubuntu2)
devel_tgt: not-affected (1:1.0.13-0ubuntu2)