5

CVE-2011-0001

Double free vulnerability in the iscsi_rx_handler function (usr/iscsi/iscsid.c) in the tgt daemon (tgtd) in Linux SCSI target framework (tgt) before 1.0.14, aka scsi-target-utils, allows remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via unknown vectors related to a buffer overflow during iscsi login.  NOTE: some of these details are obtained from third party information.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ZaalTgt Version <= 1.0.13
ZaalTgt Version0.9.5
ZaalTgt Version1.0.0
ZaalTgt Version1.0.1
ZaalTgt Version1.0.2
ZaalTgt Version1.0.3
ZaalTgt Version1.0.4
ZaalTgt Version1.0.5
ZaalTgt Version1.0.6
ZaalTgt Version1.0.7
ZaalTgt Version1.0.8
ZaalTgt Version1.0.9
ZaalTgt Version1.0.10
ZaalTgt Version1.0.11
ZaalTgt Version1.0.12
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 5.11% 0.913
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
http://lists.wpkg.org/pipermail/stgt/2011-March/004473.html
Patch
http://secunia.com/advisories/43706
Vendor Advisory
http://secunia.com/advisories/43713
Vendor Advisory
http://www.debian.org/security/2011/dsa-2209
http://www.redhat.com/support/errata/RHSA-2011-0332.html
http://www.securityfocus.com/bid/46817
http://www.securitytracker.com/id?1025184
http://www.vupen.com/english/advisories/2011/0636
Vendor Advisory
https://bugzilla.redhat.com/attachment.cgi?id=473779&action=diff
Patch
https://bugzilla.redhat.com/show_bug.cgi?id=667261
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/66010