Lucene search

[email protected]CVE-2010-2221

HistoryJul 08, 2010 - 6:30 p.m.

CVE-2010-2221

2010-07-0818:30:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2010-2221

buffer overflow

isns

linux

scsi

tgt

scsi-target-utils

iscsi

iscsitarget

iet

scst

iscsi-scst

memory corruption

denial of service

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

8.1 High

AI Score

Confidence

High

0.593 Medium

EPSS

Percentile

97.8%

JSON

Multiple buffer overflows in the iSNS implementation in isns.c in (1) Linux SCSI target framework (aka tgt or scsi-target-utils) before 1.0.6, (2) iSCSI Enterprise Target (aka iscsitarget or IET) 1.4.20.1 and earlier, and (3) Generic SCSI Target Subsystem for Linux (aka SCST or iscsi-scst) 1.0.1.1 and earlier allow remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via (a) a long iSCSI Name string in an SCN message or (b) an invalid PDU.

Affected configurations

NVD

Node

zaaltgtRange≤1.0.5

zaaltgtMatch0.9.5

zaaltgtMatch1.0.0

zaaltgtMatch1.0.1

zaaltgtMatch1.0.2

zaaltgtMatch1.0.3

zaaltgtMatch1.0.4

AND

linuxlinux_kernel

Node

arne_redlich_\&_ross_walkeriscsitargetRange≤1.4.20

arne_redlich_\&_ross_walkeriscsitargetMatch0.1.0

arne_redlich_\&_ross_walkeriscsitargetMatch0.2.0

arne_redlich_\&_ross_walkeriscsitargetMatch0.2.1

arne_redlich_\&_ross_walkeriscsitargetMatch0.2.2

arne_redlich_\&_ross_walkeriscsitargetMatch0.2.3

arne_redlich_\&_ross_walkeriscsitargetMatch0.2.4

arne_redlich_\&_ross_walkeriscsitargetMatch0.2.5

arne_redlich_\&_ross_walkeriscsitargetMatch0.2.6

arne_redlich_\&_ross_walkeriscsitargetMatch0.3.0

arne_redlich_\&_ross_walkeriscsitargetMatch0.3.1

arne_redlich_\&_ross_walkeriscsitargetMatch0.3.2

arne_redlich_\&_ross_walkeriscsitargetMatch0.3.3

arne_redlich_\&_ross_walkeriscsitargetMatch0.3.4

arne_redlich_\&_ross_walkeriscsitargetMatch0.3.5

arne_redlich_\&_ross_walkeriscsitargetMatch0.3.6

arne_redlich_\&_ross_walkeriscsitargetMatch0.3.7

arne_redlich_\&_ross_walkeriscsitargetMatch0.3.8

arne_redlich_\&_ross_walkeriscsitargetMatch0.4.0

arne_redlich_\&_ross_walkeriscsitargetMatch0.4.1

arne_redlich_\&_ross_walkeriscsitargetMatch0.4.2

arne_redlich_\&_ross_walkeriscsitargetMatch0.4.3

arne_redlich_\&_ross_walkeriscsitargetMatch0.4.4

arne_redlich_\&_ross_walkeriscsitargetMatch0.4.5

arne_redlich_\&_ross_walkeriscsitargetMatch0.4.6

arne_redlich_\&_ross_walkeriscsitargetMatch0.4.7

arne_redlich_\&_ross_walkeriscsitargetMatch0.4.8

arne_redlich_\&_ross_walkeriscsitargetMatch0.4.9

arne_redlich_\&_ross_walkeriscsitargetMatch0.4.10

arne_redlich_\&_ross_walkeriscsitargetMatch0.4.11

arne_redlich_\&_ross_walkeriscsitargetMatch0.4.12

arne_redlich_\&_ross_walkeriscsitargetMatch0.4.13

arne_redlich_\&_ross_walkeriscsitargetMatch0.4.14

arne_redlich_\&_ross_walkeriscsitargetMatch0.4.15

arne_redlich_\&_ross_walkeriscsitargetMatch0.4.16

arne_redlich_\&_ross_walkeriscsitargetMatch0.4.17

arne_redlich_\&_ross_walkeriscsitargetMatch1.4.18

arne_redlich_\&_ross_walkeriscsitargetMatch1.4.19

Node

vladislav_bolkhovitingeneric_scsi_target_subsystemRange≤1.0.1

vladislav_bolkhovitingeneric_scsi_target_subsystemMatch0.9.0a

vladislav_bolkhovitingeneric_scsi_target_subsystemMatch0.9.1

vladislav_bolkhovitingeneric_scsi_target_subsystemMatch0.9.2

vladislav_bolkhovitingeneric_scsi_target_subsystemMatch0.9.3

vladislav_bolkhovitingeneric_scsi_target_subsystemMatch0.9.3pre1

vladislav_bolkhovitingeneric_scsi_target_subsystemMatch0.9.3pre2

vladislav_bolkhovitingeneric_scsi_target_subsystemMatch0.9.3pre4

vladislav_bolkhovitingeneric_scsi_target_subsystemMatch0.9.4

vladislav_bolkhovitingeneric_scsi_target_subsystemMatch0.9.5

vladislav_bolkhovitingeneric_scsi_target_subsystemMatch0.9.5.1

vladislav_bolkhovitingeneric_scsi_target_subsystemMatch0.9.5.2

vladislav_bolkhovitingeneric_scsi_target_subsystemMatch1.0.0

AND

linuxlinux_kernel

CPENameOperatorVersion
zaal:tgtzaal tgtle1.0.5
zaal:tgtzaal tgteq0.9.5
zaal:tgtzaal tgteq1.0.0
zaal:tgtzaal tgteq1.0.1
zaal:tgtzaal tgteq1.0.2
zaal:tgtzaal tgteq1.0.3
zaal:tgtzaal tgteq1.0.4

CPE	Name	Operator	Version
zaal:tgt	zaal tgt	le	1.0.5
zaal:tgt	zaal tgt	eq	0.9.5
zaal:tgt	zaal tgt	eq	1.0.0
zaal:tgt	zaal tgt	eq	1.0.1
zaal:tgt	zaal tgt	eq	1.0.2
zaal:tgt	zaal tgt	eq	1.0.3
zaal:tgt	zaal tgt	eq	1.0.4