CentOS Local Security Checks : CentOS Update for scsi-target-utils CESA-2011:0332 centos5 x86

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 146377 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.881367

Kategorie: CentOS Local Security Checks

Titel: CentOS Update for scsi-target-utils CESA-2011:0332 centos5 x86_64

Zusammenfassung: The remote host is missing an update for the 'scsi-target-utils'; package(s) announced via the referenced advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'scsi-target-utils'
package(s) announced via the referenced advisory.

Vulnerability Insight:
The scsi-target-utils package contains the daemon and tools to set up and
monitor SCSI targets. Currently, iSCSI software and iSER targets are
supported.

A double-free flaw was found in scsi-target-utils' tgtd daemon. A remote
attacker could trigger this flaw by sending carefully-crafted network
traffic, causing the tgtd daemon to crash. (CVE-2011-0001)

Red Hat would like to thank Emmanuel Bouillon of NATO C3 Agency for
reporting this issue.

All scsi-target-utils users should upgrade to this updated package, which
contains a backported patch to correct this issue. All running
scsi-target-utils services must be restarted for the update to take effect.

Affected Software/OS:
scsi-target-utils on CentOS 5

Solution:
Please install the updated packages.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2011-0001
1025184
http://www.securitytracker.com/id?1025184
43706
http://secunia.com/advisories/43706
43713
http://secunia.com/advisories/43713
46817
http://www.securityfocus.com/bid/46817
ADV-2011-0636
http://www.vupen.com/english/advisories/2011/0636
DSA-2209
http://www.debian.org/security/2011/dsa-2209
RHSA-2011:0332
http://www.redhat.com/support/errata/RHSA-2011-0332.html
SUSE-SR:2011:009
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
[stgt] 20110309 [PATCH] iscsi: fix buffer overflow before login
http://lists.wpkg.org/pipermail/stgt/2011-March/004473.html
https://bugzilla.redhat.com/attachment.cgi?id=473779&action=diff
https://bugzilla.redhat.com/show_bug.cgi?id=667261
lstf-iscsirxhandler-dos(66010)
https://exchange.xforce.ibmcloud.com/vulnerabilities/66010

Copyright Copyright (C) 2012 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.881367
Kategorie:	CentOS Local Security Checks
Titel:	CentOS Update for scsi-target-utils CESA-2011:0332 centos5 x86_64
Zusammenfassung:	The remote host is missing an update for the 'scsi-target-utils'; package(s) announced via the referenced advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'scsi-target-utils' package(s) announced via the referenced advisory. Vulnerability Insight: The scsi-target-utils package contains the daemon and tools to set up and monitor SCSI targets. Currently, iSCSI software and iSER targets are supported. A double-free flaw was found in scsi-target-utils' tgtd daemon. A remote attacker could trigger this flaw by sending carefully-crafted network traffic, causing the tgtd daemon to crash. (CVE-2011-0001) Red Hat would like to thank Emmanuel Bouillon of NATO C3 Agency for reporting this issue. All scsi-target-utils users should upgrade to this updated package, which contains a backported patch to correct this issue. All running scsi-target-utils services must be restarted for the update to take effect. Affected Software/OS: scsi-target-utils on CentOS 5 Solution: Please install the updated packages. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2011-0001 1025184 http://www.securitytracker.com/id?1025184 43706 http://secunia.com/advisories/43706 43713 http://secunia.com/advisories/43713 46817 http://www.securityfocus.com/bid/46817 ADV-2011-0636 http://www.vupen.com/english/advisories/2011/0636 DSA-2209 http://www.debian.org/security/2011/dsa-2209 RHSA-2011:0332 http://www.redhat.com/support/errata/RHSA-2011-0332.html SUSE-SR:2011:009 http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html [stgt] 20110309 [PATCH] iscsi: fix buffer overflow before login http://lists.wpkg.org/pipermail/stgt/2011-March/004473.html https://bugzilla.redhat.com/attachment.cgi?id=473779&action=diff https://bugzilla.redhat.com/show_bug.cgi?id=667261 lstf-iscsirxhandler-dos(66010) https://exchange.xforce.ibmcloud.com/vulnerabilities/66010
Copyright	Copyright (C) 2012 Greenbone AG