ID de Prueba:	1.3.6.1.4.1.25623.1.0.880655
Categoría:	CentOS Local Security Checks
Título:	CentOS Update for scsi-target-utils CESA-2010:0518 centos5 i386
Resumen:	The remote host is missing an update for the 'scsi-target-utils'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'scsi-target-utils' package(s) announced via the referenced advisory. Vulnerability Insight: The scsi-target-utils package contains the daemon and tools to set up and monitor SCSI targets. Currently, iSCSI software and iSER targets are supported. Multiple buffer overflow flaws were found in scsi-target-utils' tgtd daemon. A remote attacker could trigger these flaws by sending a carefully-crafted Internet Storage Name Service (iSNS) request, causing the tgtd daemon to crash. (CVE-2010-2221) Red Hat would like to thank the Vulnerability Research Team at TELUS Security Labs and Fujita Tomonori for responsibly reporting these flaws. All scsi-target-utils users should upgrade to this updated package, which contains a backported patch to correct these issues. All running scsi-target-utils services must be restarted for the update to take effect. Affected Software/OS: scsi-target-utils on CentOS 5 Solution: Please install the updated packages. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-2221 1024175 http://www.securitytracker.com/id?1024175 20100702 TELUS Security Labs VR - iSCSI target Multiple Implementations iSNS Stack Buffer Overflow http://archives.neohapsis.com/archives/bugtraq/2010-07/0022.html http://archives.neohapsis.com/archives/fulldisclosure/2010-07/0058.html 40485 http://secunia.com/advisories/40485 40494 http://secunia.com/advisories/40494 40495 http://secunia.com/advisories/40495 41327 http://www.securityfocus.com/bid/41327 65990 http://www.osvdb.org/65990 65991 http://www.osvdb.org/65991 65992 http://www.osvdb.org/65992 ADV-2010-1760 http://www.vupen.com/english/advisories/2010/1760 ADV-2010-1786 http://www.vupen.com/english/advisories/2010/1786 MDVSA-2010:131 http://www.mandriva.com/security/advisories?name=MDVSA-2010:131 RHSA-2010:0518 http://www.redhat.com/support/errata/RHSA-2010-0518.html SUSE-SR:2010:017 http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html [iscsitarget-devel] 20100701 [patch] fix iSNS bounds checking http://sourceforge.net/mailarchive/forum.php?thread_name=E2BB8074E5500C42984D980D4BD78EF904075006%40MFG-NYC-EXCH2.mfg.prv&forum_name=iscsitarget-devel [stgt] 20100701 1.0.6 released http://lists.wpkg.org/pipermail/stgt/2010-July/003858.html http://scst.svn.sourceforge.net/viewvc/scst/trunk/iscsi-scst/usr/isns.c?r1=1793&r2=1792&pathrev=1793 http://scst.svn.sourceforge.net/viewvc/scst?view=revision&revision=1793 https://bugzilla.redhat.com/show_bug.cgi?id=593877
Copyright	Copyright (C) 2011 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.