CVE-2011-0001
Published: 15 March 2011
Double free vulnerability in the iscsi_rx_handler function (usr/iscsi/iscsid.c) in the tgt daemon (tgtd) in Linux SCSI target framework (tgt) before 1.0.14, aka scsi-target-utils, allows remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via unknown vectors related to a buffer overflow during iscsi login. NOTE: some of these details are obtained from third party information.
Notes
Author | Note |
---|---|
mdeslaur | actually got fixed in 1.0.15 |
Priority
Status
Package | Release | Status |
---|---|---|
tgt Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Ignored
(end of life)
|
|
karmic |
Ignored
(end of life)
|
|
lucid |
Ignored
(end of life)
|
|
maverick |
Released
(1:1.0.4-1ubuntu4.1)
|
|
natty |
Released
(1:1.0.13-0ubuntu2.1)
|
|
oneiric |
Released
(1:1.0.13-0ubuntu3)
|
|
precise |
Released
(1:1.0.13-0ubuntu3)
|
|
quantal |
Released
(1:1.0.13-0ubuntu3)
|
|
raring |
Released
(1:1.0.13-0ubuntu3)
|
|
saucy |
Released
(1:1.0.13-0ubuntu3)
|
|
upstream |
Released
(1.0.15)
|
|
Patches: upstream: http://lists.wpkg.org/pipermail/stgt/2011-March/004473.html |