open-iscsi project open-iscsi vulnerabilities and exploits

(subscribe to this query)

An issue exists in Open-iSCSI up to and including 2.0.875. A local attacker can cause the iscsiuio server to abort or potentially execute code by sending messages with incorrect lengths, which (due to lack of checking) can lead to buffer overflows, and result in aborts (with over...

Open-iscsi Project Open-iscsi

usr/log.c in iscsid in open-iscsi (iscsi-initiator-utils) prior to 2.0-865 uses a semaphore with insecure permissions (world-writable/world-readable) for managing log messages using shared memory, which allows local users to cause a denial of service (hang) by grabbing the semaph...

Redhat Open Iscsi

An issue exists in Contiki up to and including 3.0. An Out-of-Bounds Read vulnerability exists in the uIP TCP/IP Stack component when calculating the checksums for IP packets in upper_layer_chksum in net/ipv4/uip.c.

Uip Project Uip Open-iscsi Project Open-iscsi Siemens Sentron 3va Com100 Firmware Siemens Sentron 3va Com800 Firmware Siemens Sentron Pac3200 Firmware Siemens Sentron Pac4200 Firmware

An issue exists in uIP 1.0, as used in Contiki 3.0 and other products. When the Urgent flag is set in a TCP packet, and the stack is configured to ignore the urgent data, the stack attempts to use the value of the Urgent pointer bytes to separate the Urgent data from the normal d...

Uip Project Uip Open-iscsi Project Open-iscsi Siemens Sentron 3va Com100 Firmware Siemens Sentron 3va Com800 Firmware Siemens Sentron 3va Dsp800 Firmware Siemens Sentron Pac2200 Clp Firmware -Siemens Sentron Pac2200 Firmware Siemens Sentron Pac3200 Firmware Siemens Sentron Pac3200t Firmware Siemens Sentron Pac3220 Firmware Siemens Sentron Pac4200 Firmware

usr/mgmt_ipc.c in iscsid in open-iscsi (iscsi-initiator-utils) prior to 2.0-865 checks the client's UID on the listening AF_LOCAL socket instead of the new connection, which allows remote malicious users to access the management interface and cause a denial of service (iscsi...

Redhat Enterprise Linux 5.0

Open-iSCSI rtslib-fb up to and including 2.1.72 has weak permissions for /etc/target/saveconfig.json because shutil.copyfile (instead of shutil.copy) is used, and thus permissions are not preserved.

Rtslib-fb Project Rtslib-fb

In Open-iSCSI tcmu-runner 1.3.x, 1.4.x, and 1.5.x up to and including 1.5.2, xcopy_locate_udev in tcmur_cmd_handler.c lacks a check for transport-layer restrictions, allowing remote malicious users to read or write files via directory traversal in an XCOPY request. For example, a...

Tcmu-runner Project Tcmu-runner

Open-iSCSI targetcli-fb up to and including 2.1.52 has weak permissions for /etc/target (and for the backup directory and backup files).

Targetcli-fb Project Targetcli-fb Fedoraproject Fedora 32

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook