Linux Distros Unpatched Vulnerability : CVE-2021-3139

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Open-iSCSI tcmu-runner 1.3.x, 1.4.x, and 1.5.x through 1.5.2, xcopylocateudev in tcmurcmdhandler.c lacks a check for transport-layer restrictions, allowing...

Linux Distros Unpatched Vulnerability : CVE-2020-28374

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In drivers/target/targetcorexcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote...

K15747621: Linux kernel vulnerability CVE-2020-28374

Security Advisory Description In drivers/target/targetcorexcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, ...

NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2022-0009)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel packages installed that are affected by multiple vulnerabilities: - In drivers/target/targetcorexcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by...

Ubuntu 20.04 LTS : Linux kernel (OEM) vulnerability (USN-4753-1)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-4753-1 advisory. It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker wi...

Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2021-9024)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2021-9024 advisory. 4.14.35-2025.404.1.2.el7 - Revert 'rds: Deregister all FRWR mr with freemr' aru kolappan Orabug: 32426280 Tenable has extracted the preceding descripti...

In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7 insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request aka CID-2896c93811e3. For example an attack can occur over a network if the attacker has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore.

...

DEBIAN-CVE-2021-3139

In Open-iSCSI tcmu-runner 1.3.x, 1.4.x, and 1.5.x through 1.5.2, xcopylocateudev in tcmurcmdhandler.c lacks a check for transport-layer restrictions, allowing remote attackers to read or write files via directory traversal in an XCOPY request. For example, an attack can occur over a network if th...

UBUNTU-CVE-2021-3139

In Open-iSCSI tcmu-runner 1.3.x, 1.4.x, and 1.5.x through 1.5.2, xcopylocateudev in tcmurcmdhandler.c lacks a check for transport-layer restrictions, allowing remote attackers to read or write files via directory traversal in an XCOPY request. For example, an attack can occur over a network if th...

Directory traversal

In drivers/target/targetcorexcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a...

CVE-2020-28374

In drivers/target/targetcorexcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a...

CVE-2020-28374

In drivers/target/targetcorexcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a...

Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2021-9005)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9005 advisory. - target: fix XCOPY NAA identifier lookup David Disseldorp Orabug: 32248040 CVE-2020-28374 - xenbus/xenbusbackend: Disallow pending watch messages...