Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLELINUX_ELSA-2010-0518.NASL
HistoryJul 12, 2013 - 12:00 a.m.

Oracle Linux 5 : scsi-target-utils (ELSA-2010-0518)

2013-07-1200:00:00
This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
5

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.593 Medium

EPSS

Percentile

97.8%

JSON

From Red Hat Security Advisory 2010:0518 :

An updated scsi-target-utils package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

The scsi-target-utils package contains the daemon and tools to set up and monitor SCSI targets. Currently, iSCSI software and iSER targets are supported.

Multiple buffer overflow flaws were found in scsi-target-utils’ tgtd daemon. A remote attacker could trigger these flaws by sending a carefully-crafted Internet Storage Name Service (iSNS) request, causing the tgtd daemon to crash. (CVE-2010-2221)

Red Hat would like to thank the Vulnerability Research Team at TELUS Security Labs and Fujita Tomonori for responsibly reporting these flaws.

All scsi-target-utils users should upgrade to this updated package, which contains a backported patch to correct these issues. All running scsi-target-utils services must be restarted for the update to take effect.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2010:0518 and 
# Oracle Linux Security Advisory ELSA-2010-0518 respectively.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(68058);
  script_version("1.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2010-2221");
  script_bugtraq_id(41327);
  script_xref(name:"RHSA", value:"2010:0518");

  script_name(english:"Oracle Linux 5 : scsi-target-utils (ELSA-2010-0518)");
  script_summary(english:"Checks rpm output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Oracle Linux host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"From Red Hat Security Advisory 2010:0518 :

An updated scsi-target-utils package that fixes multiple security
issues is now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System
(CVSS) base score, which gives a detailed severity rating, is
available from the CVE link in the References section.

The scsi-target-utils package contains the daemon and tools to set up
and monitor SCSI targets. Currently, iSCSI software and iSER targets
are supported.

Multiple buffer overflow flaws were found in scsi-target-utils' tgtd
daemon. A remote attacker could trigger these flaws by sending a
carefully-crafted Internet Storage Name Service (iSNS) request,
causing the tgtd daemon to crash. (CVE-2010-2221)

Red Hat would like to thank the Vulnerability Research Team at TELUS
Security Labs and Fujita Tomonori for responsibly reporting these
flaws.

All scsi-target-utils users should upgrade to this updated package,
which contains a backported patch to correct these issues. All running
scsi-target-utils services must be restarted for the update to take
effect."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://oss.oracle.com/pipermail/el-errata/2010-July/001522.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected scsi-target-utils package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:scsi-target-utils");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5");

  script_set_attribute(attribute:"vuln_publication_date", value:"2010/07/08");
  script_set_attribute(attribute:"patch_publication_date", value:"2010/07/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Oracle Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 5", "Oracle Linux " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);

flag = 0;
if (rpm_check(release:"EL5", reference:"scsi-target-utils-0.0-6.20091205snap.el5_5.3")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "scsi-target-utils");
}
VendorProductVersionCPE
oraclelinuxscsi-target-utilsp-cpe:/a:oracle:linux:scsi-target-utils
oraclelinux5cpe:/o:oracle:linux:5

Related

checkpoint_advisories 2
nvd 1
cvelist 1
veracode 1
nessus 15
securityvulns 2
redhat 1
cve 1
oraclelinux 1
openvas 12
centos 1
prion 1
ubuntucve 1
fedora 1
ubuntu 1
checkpoint_advisories
checkpoint_advisories
iSCSI target Multiple Implementations iSNS Stack Buffer Overflow (CVE-2010-2221)
2010-09-27 00:00:00
iSCSI target Multiple Implementations iSNS Stack Buffer Overflow - High Confidence (CVE-2010-2221)
2013-04-22 00:00:00
nvd
nvd
CVE-2010-2221
2010-07-08 18:30:00
cvelist
cvelist
CVE-2010-2221
2010-07-08 18:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:49:05
nessus
nessus
RHEL 5 : scsi-target-utils (RHSA-2010:0518)
2013-01-24 00:00:00
CentOS 5 : scsi-target-utils (CESA-2010:0518)
2010-07-16 00:00:00
Scientific Linux Security Update : scsi-target-utils on SL5.x i386/x86_64
2012-08-01 00:00:00
securityvulns
securityvulns
Multiple iSCSI implementations security vulnerabilities
2010-07-06 00:00:00
TELUS Security Labs VR - iSCSI target Multiple Implementations iSNS Stack Buffer Overflow
2010-07-06 00:00:00
redhat
redhat
(RHSA-2010:0518) Important: scsi-target-utils security update
2010-07-08 00:00:00
cve
cve
CVE-2010-2221
2010-07-08 18:30:00
oraclelinux
oraclelinux
scsi-target-utils security update
2010-07-08 00:00:00
openvas
openvas
CentOS Update for scsi-target-utils CESA-2010:0518 centos5 i386
2011-08-09 00:00:00
CentOS Update for scsi-target-utils CESA-2010:0518 centos5 i386
2011-08-09 00:00:00
Oracle: Security Advisory (ELSA-2010-0518)
2015-10-06 00:00:00
centos
centos
scsi security update
2010-07-14 22:27:09
prion
prion
Buffer overflow
2010-07-08 18:30:00
ubuntucve
ubuntucve
CVE-2010-2221
2010-07-08 00:00:00
fedora
fedora
[SECURITY] Fedora 14 Update: scsi-target-utils-1.0.18-1.fc14
2011-07-12 04:55:18
ubuntu
ubuntu
tgt vulnerabilities
2011-06-21 00:00:00

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.593 Medium

EPSS

Percentile

97.8%

JSON
Related for ORACLELINUX_ELSA-2010-0518.NASL
checkpoint_advisories2nvd1cvelist1veracode1nessus15securityvulns2redhat1cve1oraclelinux1openvas12centos1prion1ubuntucve1fedora1ubuntu1