Published: 08/04/2010 Updated: 13/02/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Multiple format string vulnerabilities in isns.c in (1) Linux SCSI target framework (aka tgt or scsi-target-utils) 1.0.3, 0.9.5, and previous versions and (2) iSCSI Enterprise Target (aka iscsitarget) 0.4.16 allow remote malicious users to cause a denial of service (tgtd daemon crash) or possibly have unspecified other impact via vectors that involve the isns_attr_query and qry_rsp_handle functions, and are related to (a) client appearance and (b) client disappearance messages.

Vulnerable Product	Search on Vulmon	Subscribe to Product
zaal tgt
zaal tgt 1.0.3
iscsitarget iscsitarget 0.4.16

Synopsis Important: scsi-target-utils security update Type/Severity Security Advisory: Important Topic An updated scsi-target-utils package that fixes one security issue is nowavailable for Red Hat Enterprise Linux 5The Red Hat Security Response Team has rated this update as havingimportant security impact ...

Debian Bug report logs - #574935 iscsitarget: Format string vulnerability Package: iscsitarget; Maintainer for iscsitarget is Debian iSCSI Maintainers <pkg-iscsi-maintainers@listsaliothdebianorg>; Source for iscsitarget is src:iscsitarget (PTS, buildd, popcon) Reported by: Florent Daigniere <nextgens@freenetprojectorg ...

Florent Daigniere discovered multiple format string vulnerabilities in Linux SCSI target framework (which is known as iscsitarget under Debian) allow remote attackers to cause a denial of service in the ietd daemon The flaw could be trigger by sending a carefully-crafted Internet Storage Name Service (iSNS) request For the stable distribution (le ...

CWE-134 http://marc.info/?l=oss-security&m=127005132403189&w=2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=574935 http://www.securityfocus.com/bid/39127 https://bugzilla.redhat.com/show_bug.cgi?id=576359 http://secunia.com/advisories/39142 http://secunia.com/advisories/39726 http://www.debian.org/security/2010/dsa-2042 http://www.vupen.com/english/advisories/2010/1786 http://www.mandriva.com/security/advisories?name=MDVSA-2010:131 http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html https://exchange.xforce.ibmcloud.com/vulnerabilities/57496 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11248 http://git.kernel.org/?p=linux/kernel/git/tomo/tgt.git%3Ba=commit%3Bh=107d922706cd36f3bb79bcca9bc4678c32f22e59 https://access.redhat.com/errata/RHSA-2010:0362 https://www.debian.org/security/./dsa-2042 https://nvd.nist.gov

CVE-2010-0743

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect