CVE-2021-3139

Published: 13 January 2021

In Open-iSCSI tcmu-runner 1.3.x, 1.4.x, and 1.5.x through 1.5.2, xcopy_locate_udev in tcmur_cmd_handler.c lacks a check for transport-layer restrictions, allowing remote attackers to read or write files via directory traversal in an XCOPY request. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. NOTE: relative to CVE-2020-28374, this is a similar mistake in a different algorithm.

Priority

Medium

CVSS 3 base score: 8.1

Status

Package Release Status
tcmu
Launchpad, Ubuntu, Debian 		Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Needed

Ubuntu 20.10 (Groovy Gorilla)
Released (1.5.2-5ubuntu0.20.10.1)
Ubuntu 20.04 LTS (Focal Fossa)
Released (1.5.2-5ubuntu0.20.04.1)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Patches:
Upstream: https://github.com/open-iscsi/tcmu-runner/commit/b4a986b0d1233a8a6f2d340133c2efaa1d9e8c14

Notes

AuthorNote
amurray 
Related to CVE-2020-28374

References

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu 14.04 Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM

Further reading