Test ID:	1.3.6.1.4.1.25623.1.0.70870
Category:	Ubuntu Local Security Checks
Title:	Ubuntu USN-1156-1 (tgt)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to tgt announced via advisory USN-1156-1. Details: It was discovered that tgt incorrectly handled long iSCSI name strings, and invalid PDUs. A remote attacker could exploit this to cause tgt to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 10.10. (CVE-2010-2221) Emmanuel Bouillon discovered that tgt incorrectly handled certain iSCSI logins. A remote attacker could exploit this to cause tgt to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2011-0001) Solution: The problem can be corrected by updating your system to the following package versions: Ubuntu 11.04: tgt 1:1.0.13-0ubuntu2.1 Ubuntu 10.10: tgt 1:1.0.4-1ubuntu4.1 http://www.securityspace.com/smysecure/catid.html?in=USN-1156-1 CVSS Score: 5.0 CVSS Vector: AV:L/AC:L/Au:NR/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-2221 1024175 http://www.securitytracker.com/id?1024175 20100702 TELUS Security Labs VR - iSCSI target Multiple Implementations iSNS Stack Buffer Overflow http://archives.neohapsis.com/archives/bugtraq/2010-07/0022.html http://archives.neohapsis.com/archives/fulldisclosure/2010-07/0058.html 40485 http://secunia.com/advisories/40485 40494 http://secunia.com/advisories/40494 40495 http://secunia.com/advisories/40495 41327 http://www.securityfocus.com/bid/41327 65990 http://www.osvdb.org/65990 65991 http://www.osvdb.org/65991 65992 http://www.osvdb.org/65992 ADV-2010-1760 http://www.vupen.com/english/advisories/2010/1760 ADV-2010-1786 http://www.vupen.com/english/advisories/2010/1786 MDVSA-2010:131 http://www.mandriva.com/security/advisories?name=MDVSA-2010:131 RHSA-2010:0518 http://www.redhat.com/support/errata/RHSA-2010-0518.html SUSE-SR:2010:017 http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html [iscsitarget-devel] 20100701 [patch] fix iSNS bounds checking http://sourceforge.net/mailarchive/forum.php?thread_name=E2BB8074E5500C42984D980D4BD78EF904075006%40MFG-NYC-EXCH2.mfg.prv&forum_name=iscsitarget-devel [stgt] 20100701 1.0.6 released http://lists.wpkg.org/pipermail/stgt/2010-July/003858.html http://scst.svn.sourceforge.net/viewvc/scst/trunk/iscsi-scst/usr/isns.c?r1=1793&r2=1792&pathrev=1793 http://scst.svn.sourceforge.net/viewvc/scst?view=revision&revision=1793 https://bugzilla.redhat.com/show_bug.cgi?id=593877 Common Vulnerability Exposure (CVE) ID: CVE-2011-0001 1025184 http://www.securitytracker.com/id?1025184 43706 http://secunia.com/advisories/43706 43713 http://secunia.com/advisories/43713 46817 http://www.securityfocus.com/bid/46817 ADV-2011-0636 http://www.vupen.com/english/advisories/2011/0636 DSA-2209 http://www.debian.org/security/2011/dsa-2209 RHSA-2011:0332 http://www.redhat.com/support/errata/RHSA-2011-0332.html SUSE-SR:2011:009 http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html [stgt] 20110309 [PATCH] iscsi: fix buffer overflow before login http://lists.wpkg.org/pipermail/stgt/2011-March/004473.html https://bugzilla.redhat.com/attachment.cgi?id=473779&action=diff https://bugzilla.redhat.com/show_bug.cgi?id=667261 lstf-iscsirxhandler-dos(66010) https://exchange.xforce.ibmcloud.com/vulnerabilities/66010
Copyright	Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.