CVE-2011-0001
Published: 15 March 2011
Double free vulnerability in the iscsi_rx_handler function (usr/iscsi/iscsid.c) in the tgt daemon (tgtd) in Linux SCSI target framework (tgt) before 1.0.14, aka scsi-target-utils, allows remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via unknown vectors related to a buffer overflow during iscsi login. NOTE: some of these details are obtained from third party information.
Notes
| Author | Note |
|---|---|
| mdeslaur | actually got fixed in 1.0.15 |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
tgt Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| hardy |
Ignored
(end of life)
|
|
| karmic |
Ignored
(end of life)
|
|
| lucid |
Ignored
(end of life)
|
|
| maverick |
Released
(1:1.0.4-1ubuntu4.1)
|
|
| natty |
Released
(1:1.0.13-0ubuntu2.1)
|
|
| oneiric |
Released
(1:1.0.13-0ubuntu3)
|
|
| precise |
Released
(1:1.0.13-0ubuntu3)
|
|
| quantal |
Released
(1:1.0.13-0ubuntu3)
|
|
| raring |
Released
(1:1.0.13-0ubuntu3)
|
|
| saucy |
Released
(1:1.0.13-0ubuntu3)
|
|
| upstream |
Released
(1.0.15)
|
|
|
Patches: upstream: http://lists.wpkg.org/pipermail/stgt/2011-March/004473.html |
||