CVE-2021-3139
Published: 13 January 2021
In Open-iSCSI tcmu-runner 1.3.x, 1.4.x, and 1.5.x through 1.5.2, xcopy_locate_udev in tcmur_cmd_handler.c lacks a check for transport-layer restrictions, allowing remote attackers to read or write files via directory traversal in an XCOPY request. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. NOTE: relative to CVE-2020-28374, this is a similar mistake in a different algorithm.
Priority
CVSS 3 base score: 8.1
Status
Package | Release | Status |
---|---|---|
tcmu | Upstream | Needs triage |
tcmu | Ubuntu 21.04 (Hirsute Hippo) | Needed |
tcmu | Ubuntu 20.10 (Groovy Gorilla) | Released (1.5.2-5ubuntu0.20.10.1) |
tcmu | Ubuntu 20.04 LTS (Focal Fossa) | Released (1.5.2-5ubuntu0.20.04.1) |
tcmu | Ubuntu 18.04 LTS (Bionic Beaver) | Does not exist |
tcmu | Ubuntu 16.04 LTS (Xenial Xerus) | Does not exist |
tcmu | Ubuntu 14.04 ESM (Trusty Tahr) | Does not exist |

Patches: Upstream: https://github.com/open-iscsi/tcmu-runner/commit/b4a986b0d1233a8a6f2d340133c2efaa1d9e8c14