Lucene search

K
ubuntucveUbuntu.comUB:CVE-2020-28374
HistoryJan 12, 2021 - 12:00 a.m.

CVE-2020-28374

2021-01-1200:00:00
ubuntu.com
ubuntu.com
33

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

EPSS

0.004

Percentile

72.9%

In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7,
insufficient identifier checking in the LIO SCSI target code can be used by
remote attackers to read or write files via directory traversal in an XCOPY
request, aka CID-2896c93811e3. For example, an attack can occur over a
network if the attacker has access to one iSCSI LUN. The attacker gains
control over file access because I/O operations are proxied via an
attacker-selected backstore.

Notes

Author Note
sbeattie MITIGATION XCOPY support is enabled by default, but can be disabled via: echo 0 > /sys/kernel/config/target/core/<backstore>/<name>/attrib/emulate_3pc or targetcli /backstores/<backstore>/<name> set attribute emulate_3pc=0 . This workaround does not affect XCOPY requests sent to tcmu-runner based backstores.
Rows per page:
1-10 of 551

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

EPSS

0.004

Percentile

72.9%