Florent Daigniere discovered multiple format string vulnerabilities in Linux SCSI target framework (which is known as iscsitarget under Debian) allow remote attackers to cause a denial of service in the ietd daemon. The flaw could be trigger by sending a carefully-crafted Internet Storage Name Service (iSNS) request. For the stable distribution (lenny), this problem has been fixed in version 0.4.16+svn162-3.1+lenny1. For the testing distribution (squeeze), this problem has been fixed in version 0.4.17+svn229-1.4. For the unstable distribution (sid), this problem has been fixed in version 0.4.17+svn229-1.4.
Florent Daigniere discovered multiple format string vulnerabilities in Linux SCSI target framework (which is known as iscsitarget under Debian) allow remote attackers to cause a denial of service in the ietd daemon. The flaw could be trigger by sending a carefully-crafted Internet Storage Name Service (iSNS) request.
For the stable distribution (lenny), this problem has been fixed in version 0.4.16+svn162-3.1+lenny1.
For the testing distribution (squeeze), this problem has been fixed in version 0.4.17+svn229-1.4.
For the unstable distribution (sid), this problem has been fixed in version 0.4.17+svn229-1.4.
MD5 checksums of the listed files are available in the original advisory.