ID de Prueba:	1.3.6.1.4.1.25623.1.0.67665
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2010:0518
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2010:0518. The scsi-target-utils package contains the daemon and tools to set up and monitor SCSI targets. Currently, iSCSI software and iSER targets are supported. Multiple buffer overflow flaws were found in scsi-target-utils' tgtd daemon. A remote attacker could trigger these flaws by sending a carefully-crafted Internet Storage Name Service (iSNS) request, causing the tgtd daemon to crash. (CVE-2010-2221) Red Hat would like to thank the Vulnerability Research Team at TELUS Security Labs and Fujita Tomonori for responsibly reporting these flaws. All scsi-target-utils users should upgrade to this updated package, which contains a backported patch to correct these issues. All running scsi-target-utils services must be restarted for the update to take effect. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2010-0518.html http://www.redhat.com/security/updates/classification/#important Risk factor : Medium CVSS Score: 5.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-2221 1024175 http://www.securitytracker.com/id?1024175 20100702 TELUS Security Labs VR - iSCSI target Multiple Implementations iSNS Stack Buffer Overflow http://archives.neohapsis.com/archives/bugtraq/2010-07/0022.html http://archives.neohapsis.com/archives/fulldisclosure/2010-07/0058.html 40485 http://secunia.com/advisories/40485 40494 http://secunia.com/advisories/40494 40495 http://secunia.com/advisories/40495 41327 http://www.securityfocus.com/bid/41327 65990 http://www.osvdb.org/65990 65991 http://www.osvdb.org/65991 65992 http://www.osvdb.org/65992 ADV-2010-1760 http://www.vupen.com/english/advisories/2010/1760 ADV-2010-1786 http://www.vupen.com/english/advisories/2010/1786 MDVSA-2010:131 http://www.mandriva.com/security/advisories?name=MDVSA-2010:131 RHSA-2010:0518 http://www.redhat.com/support/errata/RHSA-2010-0518.html SUSE-SR:2010:017 http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html [iscsitarget-devel] 20100701 [patch] fix iSNS bounds checking http://sourceforge.net/mailarchive/forum.php?thread_name=E2BB8074E5500C42984D980D4BD78EF904075006%40MFG-NYC-EXCH2.mfg.prv&forum_name=iscsitarget-devel [stgt] 20100701 1.0.6 released http://lists.wpkg.org/pipermail/stgt/2010-July/003858.html http://scst.svn.sourceforge.net/viewvc/scst/trunk/iscsi-scst/usr/isns.c?r1=1793&r2=1792&pathrev=1793 http://scst.svn.sourceforge.net/viewvc/scst?view=revision&revision=1793 https://bugzilla.redhat.com/show_bug.cgi?id=593877
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.