CVE-2010-2221

CVSS V2: Medium 5; CVSS V3: None
Description
Multiple buffer overflows in the iSNS implementation in isns.c in (1) Linux SCSI target framework (aka tgt or scsi-target-utils) before 1.0.6, (2) iSCSI Enterprise Target (aka iscsitarget or IET) 1.4.20.1 and earlier, and (3) Generic SCSI Target Subsystem for Linux (aka SCST or iscsi-scst) 1.0.1.1 and earlier allow remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via (a) a long iSCSI Name string in an SCN message or (b) an invalid PDU.
Overview
  • CVE ID: CVE-2010-2221
  • Assigner: secalert@redhat.com
  • Vulnerability Status: Modified
  • Published Version: 2010-07-08T18:30:00
  • Last Modified Date: 2023-02-13T04:20:29
CPE Configuration (Product)
CPE | Vulnerable | Operator | Version Start | Version End
AND
cpe:2.3:a:zaal:tgt:*:*:*:*:*:*:*:* | 1 | OR | - | 1.0.5
cpe:2.3:a:zaal:tgt:0.9.5:*:*:*:*:*:*:* | 1 | OR | - | -
cpe:2.3:a:zaal:tgt:1.0.0:*:*:*:*:*:*:* | 1 | OR | - | -
cpe:2.3:a:zaal:tgt:1.0.1:*:*:*:*:*:*:* | 1 | OR | - | -
cpe:2.3:a:zaal:tgt:1.0.2:*:*:*:*:*:*:* | 1 | OR | - | -
cpe:2.3:a:zaal:tgt:1.0.3:*:*:*:*:*:*:* | 1 | OR | - | -
cpe:2.3:a:zaal:tgt:1.0.4:*:*:*:*:*:*:* | 1 | OR | - | -
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 0 | OR | - | -
AND
cpe:2.3:a:arne_redlich_\&_ross_walker:iscsitarget:*:*:*:*:*:*:*:* | 1 | OR | - | 1.4.20
cpe:2.3:a:arne_redlich_\&_ross_walker:iscsitarget:0.1.0:*:*:*:*:*:*:* | 1 | OR | - | -
cpe:2.3:a:arne_redlich_\&_ross_walker:iscsitarget:0.2.0:*:*:*:*:*:*:* | 1 | OR | - | -
cpe:2.3:a:arne_redlich_\&_ross_walker:iscsitarget:0.2.1:*:*:*:*:*:*:* | 1 | OR | - | -
cpe:2.3:a:arne_redlich_\&_ross_walker:iscsitarget:0.2.2:*:*:*:*:*:*:* | 1 | OR | - | -
cpe:2.3:a:arne_redlich_\&_ross_walker:iscsitarget:0.2.3:*:*:*:*:*:*:* | 1 | OR | - | -
cpe:2.3:a:arne_redlich_\&_ross_walker:iscsitarget:0.2.4:*:*:*:*:*:*:* | 1 | OR | - | -
cpe:2.3:a:arne_redlich_\&_ross_walker:iscsitarget:0.2.5:*:*:*:*:*:*:* | 1 | OR | - | -
cpe:2.3:a:arne_redlich_\&_ross_walker:iscsitarget:0.2.6:*:*:*:*:*:*:* | 1 | OR | - | -
cpe:2.3:a:arne_redlich_\&_ross_walker:iscsitarget:0.3.0:*:*:*:*:*:*:* | 1 | OR | - | -
cpe:2.3:a:arne_redlich_\&_ross_walker:iscsitarget:0.3.1:*:*:*:*:*:*:* | 1 | OR | - | -
cpe:2.3:a:arne_redlich_\&_ross_walker:iscsitarget:0.3.2:*:*:*:*:*:*:* | 1 | OR | - | -
cpe:2.3:a:arne_redlich_\&_ross_walker:iscsitarget:0.3.3:*:*:*:*:*:*:* | 1 | OR | - | -
cpe:2.3:a:arne_redlich_\&_ross_walker:iscsitarget:0.3.4:*:*:*:*:*:*:* | 1 | OR | - | -
cpe:2.3:a:arne_redlich_\&_ross_walker:iscsitarget:0.3.5:*:*:*:*:*:*:* | 1 | OR | - | -
cpe:2.3:a:arne_redlich_\&_ross_walker:iscsitarget:0.3.6:*:*:*:*:*:*:* | 1 | OR | - | -
cpe:2.3:a:arne_redlich_\&_ross_walker:iscsitarget:0.3.7:*:*:*:*:*:*:* | 1 | OR | - | -
cpe:2.3:a:arne_redlich_\&_ross_walker:iscsitarget:0.3.8:*:*:*:*:*:*:* | 1 | OR | - | -
cpe:2.3:a:arne_redlich_\&_ross_walker:iscsitarget:0.4.0:*:*:*:*:*:*:* | 1 | OR | - | -
cpe:2.3:a:arne_redlich_\&_ross_walker:iscsitarget:0.4.1:*:*:*:*:*:*:* | 1 | OR | - | -
cpe:2.3:a:arne_redlich_\&_ross_walker:iscsitarget:0.4.2:*:*:*:*:*:*:* | 1 | OR | - | -
cpe:2.3:a:arne_redlich_\&_ross_walker:iscsitarget:0.4.3:*:*:*:*:*:*:* | 1 | OR | - | -
cpe:2.3:a:arne_redlich_\&_ross_walker:iscsitarget:0.4.4:*:*:*:*:*:*:* | 1 | OR | - | -
cpe:2.3:a:arne_redlich_\&_ross_walker:iscsitarget:0.4.5:*:*:*:*:*:*:* | 1 | OR | - | -
cpe:2.3:a:arne_redlich_\&_ross_walker:iscsitarget:0.4.6:*:*:*:*:*:*:* | 1 | OR | - | -
cpe:2.3:a:arne_redlich_\&_ross_walker:iscsitarget:0.4.7:*:*:*:*:*:*:* | 1 | OR | - | -
cpe:2.3:a:arne_redlich_\&_ross_walker:iscsitarget:0.4.8:*:*:*:*:*:*:* | 1 | OR | - | -
cpe:2.3:a:arne_redlich_\&_ross_walker:iscsitarget:0.4.9:*:*:*:*:*:*:* | 1 | OR | - | -
cpe:2.3:a:arne_redlich_\&_ross_walker:iscsitarget:0.4.10:*:*:*:*:*:*:* | 1 | OR | - | -
cpe:2.3:a:arne_redlich_\&_ross_walker:iscsitarget:0.4.11:*:*:*:*:*:*:* | 1 | OR | - | -
cpe:2.3:a:arne_redlich_\&_ross_walker:iscsitarget:0.4.12:*:*:*:*:*:*:* | 1 | OR | - | -
cpe:2.3:a:arne_redlich_\&_ross_walker:iscsitarget:0.4.13:*:*:*:*:*:*:* | 1 | OR | - | -
cpe:2.3:a:arne_redlich_\&_ross_walker:iscsitarget:0.4.14:*:*:*:*:*:*:* | 1 | OR | - | -
cpe:2.3:a:arne_redlich_\&_ross_walker:iscsitarget:0.4.15:*:*:*:*:*:*:* | 1 | OR | - | -
cpe:2.3:a:arne_redlich_\&_ross_walker:iscsitarget:0.4.16:*:*:*:*:*:*:* | 1 | OR | - | -
cpe:2.3:a:arne_redlich_\&_ross_walker:iscsitarget:0.4.17:*:*:*:*:*:*:* | 1 | OR | - | -
cpe:2.3:a:arne_redlich_\&_ross_walker:iscsitarget:1.4.18:*:*:*:*:*:*:* | 1 | OR | - | -
cpe:2.3:a:arne_redlich_\&_ross_walker:iscsitarget:1.4.19:*:*:*:*:*:*:* | 1 | OR | - | -
AND
cpe:2.3:a:vladislav_bolkhovitin:generic_scsi_target_subsystem:*:*:*:*:*:*:*:* | 1 | OR | - | 1.0.1
cpe:2.3:a:vladislav_bolkhovitin:generic_scsi_target_subsystem:0.9.0a:*:*:*:*:*:*:* | 1 | OR | - | -
cpe:2.3:a:vladislav_bolkhovitin:generic_scsi_target_subsystem:0.9.1:*:*:*:*:*:*:* | 1 | OR | - | -
cpe:2.3:a:vladislav_bolkhovitin:generic_scsi_target_subsystem:0.9.2:*:*:*:*:*:*:* | 1 | OR | - | -
cpe:2.3:a:vladislav_bolkhovitin:generic_scsi_target_subsystem:0.9.3:*:*:*:*:*:*:* | 1 | OR | - | -
cpe:2.3:a:vladislav_bolkhovitin:generic_scsi_target_subsystem:0.9.3:pre1:*:*:*:*:*:* | 1 | OR | - | -
cpe:2.3:a:vladislav_bolkhovitin:generic_scsi_target_subsystem:0.9.3:pre2:*:*:*:*:*:* | 1 | OR | - | -
cpe:2.3:a:vladislav_bolkhovitin:generic_scsi_target_subsystem:0.9.3:pre4:*:*:*:*:*:* | 1 | OR | - | -
cpe:2.3:a:vladislav_bolkhovitin:generic_scsi_target_subsystem:0.9.4:*:*:*:*:*:*:* | 1 | OR | - | -
cpe:2.3:a:vladislav_bolkhovitin:generic_scsi_target_subsystem:0.9.5:*:*:*:*:*:*:* | 1 | OR | - | -
cpe:2.3:a:vladislav_bolkhovitin:generic_scsi_target_subsystem:0.9.5.1:*:*:*:*:*:*:* | 1 | OR | - | -
cpe:2.3:a:vladislav_bolkhovitin:generic_scsi_target_subsystem:0.9.5.2:*:*:*:*:*:*:* | 1 | OR | - | -
cpe:2.3:a:vladislav_bolkhovitin:generic_scsi_target_subsystem:1.0.0:*:*:*:*:*:*:* | 1 | OR | - | -
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 0 | OR | - | -
CVSS Version 2
  • Version: 2.0
  • Vector String: AV:N/AC:L/Au:N/C:N/I:N/A:P
  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: PARTIAL
  • Base Score: 5
  • Severity: MEDIUM
  • Exploitability Score: 10
  • Impact Score: 2.9
History
Created Old Value New Value Data Type Notes
2022-05-10 11:09:00 Added to TrackCVE
2023-02-02 18:02:38 2023-02-02T17:17:34 CVE Modified Date updated
2023-02-02 18:02:39 Multiple buffer overflows in the iSNS implementation in isns.c in (1) Linux SCSI target framework (aka tgt or scsi-target-utils) before 1.0.6, (2) iSCSI Enterprise Target (aka iscsitarget or IET) 1.4.20.1 and earlier, and (3) Generic SCSI Target Subsystem for Linux (aka SCST or iscsi-scst) 1.0.1.1 and earlier allow remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via (a) a long iSCSI Name string in an SCN message or (b) an invalid PDU. CVE-2010-2221 scsi-target-utils: stack buffer overflow vulnerability Description updated
2023-02-13 05:03:44 2023-02-13T04:20:29 CVE Modified Date updated
2023-02-13 05:03:45 CVE-2010-2221 scsi-target-utils: stack buffer overflow vulnerability Multiple buffer overflows in the iSNS implementation in isns.c in (1) Linux SCSI target framework (aka tgt or scsi-target-utils) before 1.0.6, (2) iSCSI Enterprise Target (aka iscsitarget or IET) 1.4.20.1 and earlier, and (3) Generic SCSI Target Subsystem for Linux (aka SCST or iscsi-scst) 1.0.1.1 and earlier allow remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via (a) a long iSCSI Name string in an SCN message or (b) an invalid PDU. Description updated