205 matches found
Huawei EulerOS: Security Advisory for python-rtslib (EulerOS-SA-2021-1255)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP9 : python-rtslib (EulerOS-SA-2021-1255)
According to the version of the python-rtslib packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A flaw was found in Open-iSCSI rtslib-fb through versions 2.1.72, where it has weak permissions for /etc/target/saveconfig.json because the...
EulerOS 2.0 SP9 : python-rtslib (EulerOS-SA-2021-1274)
According to the version of the python-rtslib packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A flaw was found in Open-iSCSI rtslib-fb through versions 2.1.72, where it has weak permissions for /etc/target/saveconfig.json because the...
Medium: python-rtslib
Issue Overview: A flaw was found in Open-iSCSI rtslib-fb through versions 2.1.72, where it has weak permissions for /etc/target/saveconfig.json because the shutil.copyfile, instead of shutil.copy is used, and permissions are not preserved upon editing. This flaw allows an attacker with prior acce...
Amazon Linux 2 : python-rtslib (ALAS-2021-1589)
The version of python-rtslib installed on the remote host is prior to 2.1.74-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2021-1589 advisory. A flaw was found in Open-iSCSI rtslib-fb through versions 2.1.72, where it has weak permissions for...
openSUSE Security Update : open-iscsi (openSUSE-2021-89)
This update for open-iscsi fixes the following issues : - Updated to upstream version 2.1.3 as 2.1.3-suse, for bsc1179908, including : - uip: check for TCP urgent pointer past end of frame - uip: check for u8 overflow when processing TCP options - uip: check for header length underflow during...
EulerOS 2.0 SP3 : python-rtslib (EulerOS-SA-2021-1116)
According to the version of the python-rtslib package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/target/saveconfig.json because shutil.copyfile instead of shutil.copy is...
Huawei EulerOS: Security Advisory for python-rtslib (EulerOS-SA-2021-1116)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
OPENSUSE-SU-2021:0089-1 Security update for open-iscsi
This update for open-iscsi fixes the following issues: - Updated to upstream version 2.1.3 as 2.1.3-suse, for bsc1179908, including: uip: check for TCP urgent pointer past end of frame uip: check for u8 overflow when processing TCP options uip: check for header length underflow during checksum...
Security update for open-iscsi (important)
openSUSE Security Update: Security update for open-iscsi Announcement ID: openSUSE-SU-2021:0089-1 Rating: important References: 1179440 1179908 Affected Products: openSUSE Leap 15.2 An update that contains security fixes can now be installed. Description: This update for open-iscsi fixes the...
SUSE SLED15 / SLES15 Security Update : open-iscsi (SUSE-SU-2021:0127-1)
This update for open-iscsi fixes the following issues : Updated to upstream version 2.1.3 as 2.1.3-suse, for bsc1179908, including : - uip: check for TCP urgent pointer past end of frame - uip: check for u8 overflow when processing TCP options - uip: check for header length underflow during...
SUSE-SU-2021:0127-1 Security update for open-iscsi
This update for open-iscsi fixes the following issues: - Updated to upstream version 2.1.3 as 2.1.3-suse, for bsc1179908, including: uip: check for TCP urgent pointer past end of frame uip: check for u8 overflow when processing TCP options uip: check for header length underflow during checksum...
CVE-2021-3139
In Open-iSCSI tcmu-runner 1.3.x, 1.4.x, and 1.5.x through 1.5.2, xcopylocateudev in tcmurcmdhandler.c lacks a check for transport-layer restrictions, allowing remote attackers to read or write files via directory traversal in an XCOPY request. For example, an attack can occur over a network if th...
CVE-2021-3139
In Open-iSCSI tcmu-runner 1.3.x, 1.4.x, and 1.5.x through 1.5.2, xcopylocateudev in tcmurcmdhandler.c lacks a check for transport-layer restrictions, allowing remote attackers to read or write files via directory traversal in an XCOPY request. For example, an attack can occur over a network if th...
DEBIAN-CVE-2021-3139
In Open-iSCSI tcmu-runner 1.3.x, 1.4.x, and 1.5.x through 1.5.2, xcopylocateudev in tcmurcmdhandler.c lacks a check for transport-layer restrictions, allowing remote attackers to read or write files via directory traversal in an XCOPY request. For example, an attack can occur over a network if th...
CVE-2021-3139
In Open-iSCSI tcmu-runner 1.3.x, 1.4.x, and 1.5.x through 1.5.2, xcopylocateudev in tcmurcmdhandler.c lacks a check for transport-layer restrictions, allowing remote attackers to read or write files via directory traversal in an XCOPY request. For example, an attack can occur over a network if th...
Directory traversal
In Open-iSCSI tcmu-runner 1.3.x, 1.4.x, and 1.5.x through 1.5.2, xcopylocateudev in tcmurcmdhandler.c lacks a check for transport-layer restrictions, allowing remote attackers to read or write files via directory traversal in an XCOPY request. For example, an attack can occur over a network if th...
UBUNTU-CVE-2021-3139
In Open-iSCSI tcmu-runner 1.3.x, 1.4.x, and 1.5.x through 1.5.2, xcopylocateudev in tcmurcmdhandler.c lacks a check for transport-layer restrictions, allowing remote attackers to read or write files via directory traversal in an XCOPY request. For example, an attack can occur over a network if th...
CVE-2021-3139
In Open-iSCSI tcmu-runner 1.3.x, 1.4.x, and 1.5.x through 1.5.2, xcopylocateudev in tcmurcmdhandler.c lacks a check for transport-layer restrictions, allowing remote attackers to read or write files via directory traversal in an XCOPY request. For example, an attack can occur over a network if th...
CVE-2021-3139
CVE-2021-3139 affects Open-iSCSI tcmu-runner 1.3.x–1.5.x (through 1.5.2); the XCOPY path xcopy_locate_udev in tcmur_cmd_handler.c lacks transport-layer access checks, enabling remote attackers who have access to an iSCSI LUN to read/write files via directory traversal over the network. Connected ...