iSCSI Enterprise Target Buffer Overflow Lets Remote Users Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1024175 |
|
SecurityTracker URL: http://securitytracker.com/id/1024175
|
|
CVE Reference:
CVE-2010-2221
(Links to External Site)
|
Date: Jul 8 2010
|
Impact:
Execution of arbitrary code via network, User access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 1.4.20.1 and prior versions
|
Description:
A vulnerability was reported in iSCSI Enterprise Target. A remote user can execute arbitrary code on the target system.
A remote user can send specially crafted Internet Storage Name Service (iSNS) requests to trigger a stack overflow and potentially execute arbitrary code on the target system. The code will run with the privileges of the target tgtd daemon.
The vendor was notified on May 18, 2010.
The Vulnerability Research Team at TELUS Security Labs reported this vulnerability.
[Editor's note: Several buffer overflows exist.]
|
Impact:
A remote user can execute arbitrary code on the target system.
|
Solution:
The vendor has issued a source code fix.
|
Vendor URL: iscsitarget.sourceforge.net/ (Links to External Site)
|
Cause:
Boundary error
|
Underlying OS:
Linux (Any)
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Date: Fri, 02 Jul 2010 13:19:48 -0600
Subject: TELUS Security Labs VR - iSCSI target Multiple Implementations iSNS Stack Buffer Overflow
|
iSCSI target Multiple Implementations iSNS Stack Buffer Overflow
TSL ID: FSC20100701-01
1. Affected Software
iSCSI Enterprise Project iscsitarget 1.4.20.1 and prior
SCST project iscsi-scst 1.0.1.1 and prior
tgt project tgt 1.0.5 and prior
References:
http://iscsitarget.sourceforge.net/
http://scst.sourceforge.net/
http://stgt.sourceforge.net/
2. Vulnerability Summary
A stack buffer overflow vulnerability exist in iscsitarget, an open implementation of iSCSI Enterprise Target. The vulnerability is caused by insufficient boundary checking while processing iSNS messages. A remote attacker can leverage this vulnerability to inject and execute arbitrary code on a vulnerable system.
3. Vulnerability Analysis
Successful exploitation of this vulnerability can result in a complete compromise of the target system. In an unsuccessful attack attempt, the vulnerable system may abnormally terminate.
4. Vulnerability Detection
TELUS Security Labs has confirmed the vulnerability in:
iSCSI Enterprise Project iscsitarget 1.4.20.1 and prior
SCST project iscsi-scst 1.0.1.1 and prior
tgt project tgt 1.0.5 and prior
5. Workaround
Disable or uninstall the affected module.
6. Vendor Response
Patches have been made available to eliminate this vulnerability:
http://sourceforge.net/mailarchive/forum.php?thread_name=E2BB8074E5500C42984D980D4BD78EF904075006%40MFG-NYC-EXCH2.mfg.prv&forum_name=iscsitarget-devel
7. Disclosure Timeline
2010-05-18 Reported to vendor
2010-05-18 Initial vendor response
2010-07-01 Coordinated public disclosure
8. Credits
Vulnerability Research Team, TELUS Security Labs
9. References
CVE: CVE-2010-2221
Vendor: Not available
10. About TELUS Security Labs
TELUS Security Labs, formerly Assurent Secure Technologies is the leading provider of security research. Our research services include:
* Vulnerability Research
* Malware Research
* Signature Development
* Shellcode Exploit Development
* Application Protocols
* Product Security Testing
* Security Content Development (parsers, reports, alerts)
TELUS Security Labs provides a specialized portfolio of services to assist security product vendors with newly discovered commercial product vulnerabilities and malware attacks. Many of our services are provided on a subscription basis to reduce research costs for our customers. Over 50 of the world's leading security product vendors rely on TELUS Security Labs research.
http://www.telussecuritylabs.com/
|
|
