Debian: DSA-2042-1: New iscsitarget packages fix arbitrary code execution

    Date05 May 2010
    CategoryDebian
    29
    Posted ByLinuxSecurity Advisories
    Florent Daigniere discovered multiple format string vulnerabilities in Linux SCSI target framework (which is known as iscsitarget under Debian) allow remote attackers to cause a denial of service in the ietd daemon. The flaw could be trigger by sending a carefully-crafted Internet Storage Name Service (iSNS)
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    - ---------------------------------------------------------------------------
    Debian Security Advisory DSA-2042-1                     This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                               Luciano Bello
    May 5th, 2010                            http://www.debian.org/security/faq
    - ---------------------------------------------------------------------------
    
    Package        : iscsitarget
    Vulnerability  : format string
    Problem type   : remote
    Debian-specific: no
    Debian bug     : 574935
    CVE ID         : CVE-2010-0743
    
    Florent Daigniere discovered multiple format string vulnerabilities in Linux
    SCSI target framework (which is known as iscsitarget under Debian) allow remote
    attackers to cause a denial of service in the ietd daemon. The flaw could be
    trigger by sending a carefully-crafted Internet Storage Name Service (iSNS)
    request.
    
    
    For the stable distribution (lenny), this problem has been fixed in
    version 0.4.16+svn162-3.1+lenny1.
    
    For the testing distribution (squeeze), this problem has been fixed in
    version 0.4.17+svn229-1.4.
    
    For the unstable distribution (sid), this problem has been fixed in
    version 0.4.17+svn229-1.4.
    
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 5.0 alias lenny
    - --------------------------------
    
    Debian (stable)
    - ---------------
    
    Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
    
    Source archives:
    
      http://security.debian.org/pool/updates/main/i/iscsitarget/iscsitarget_0.4.16+svn162-3.1+lenny1.dsc
        Size/MD5 checksum:     1193 df8ae44c0366731c4102f1c5290f6c15
      http://security.debian.org/pool/updates/main/i/iscsitarget/iscsitarget_0.4.16+svn162.orig.tar.gz
        Size/MD5 checksum:   354607 7105541d6b64f75852a725bcc26636bf
      http://security.debian.org/pool/updates/main/i/iscsitarget/iscsitarget_0.4.16+svn162-3.1+lenny1.diff.gz
        Size/MD5 checksum:     6743 d529b9d00d84471b032a425596ee63fe
    
    Architecture independent packages:
    
      http://security.debian.org/pool/updates/main/i/iscsitarget/iscsitarget-source_0.4.16+svn162-3.1+lenny1_all.deb
        Size/MD5 checksum:    42926 006bfefbd074b9dbf72843ef643ff8df
    
    alpha architecture (DEC Alpha)
    
      http://security.debian.org/pool/updates/main/i/iscsitarget/iscsitarget_0.4.16+svn162-3.1+lenny1_alpha.deb
        Size/MD5 checksum:    67210 14b0bdb4c8ec37cbafdea7794e23abd8
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      http://security.debian.org/pool/updates/main/i/iscsitarget/iscsitarget_0.4.16+svn162-3.1+lenny1_amd64.deb
        Size/MD5 checksum:    60612 109ce97790e712a34de0f35900013b4c
    
    arm architecture (ARM)
    
      http://security.debian.org/pool/updates/main/i/iscsitarget/iscsitarget_0.4.16+svn162-3.1+lenny1_arm.deb
        Size/MD5 checksum:    56720 18811f116a76d7313a2a3a28110cf826
    
    armel architecture (ARM EABI)
    
      http://security.debian.org/pool/updates/main/i/iscsitarget/iscsitarget_0.4.16+svn162-3.1+lenny1_armel.deb
        Size/MD5 checksum:    54884 3e461faf8c4894b16ca5ef30fe984f9d
    
    hppa architecture (HP PA RISC)
    
      http://security.debian.org/pool/updates/main/i/iscsitarget/iscsitarget_0.4.16+svn162-3.1+lenny1_hppa.deb
        Size/MD5 checksum:    61690 e782044016a48646e518672dab64fa38
    
    i386 architecture (Intel ia32)
    
      http://security.debian.org/pool/updates/main/i/iscsitarget/iscsitarget_0.4.16+svn162-3.1+lenny1_i386.deb
        Size/MD5 checksum:    55872 4b76ecbc8b77f188fddeb22c85340730
    
    ia64 architecture (Intel ia64)
    
      http://security.debian.org/pool/updates/main/i/iscsitarget/iscsitarget_0.4.16+svn162-3.1+lenny1_ia64.deb
        Size/MD5 checksum:    78788 64e434cc92a5c15464bbd686cf42b5e5
    
    mips architecture (MIPS (Big Endian))
    
      http://security.debian.org/pool/updates/main/i/iscsitarget/iscsitarget_0.4.16+svn162-3.1+lenny1_mips.deb
        Size/MD5 checksum:    60938 4bd9648a4d57aebbf988bd109d50db31
    
    mipsel architecture (MIPS (Little Endian))
    
      http://security.debian.org/pool/updates/main/i/iscsitarget/iscsitarget_0.4.16+svn162-3.1+lenny1_mipsel.deb
        Size/MD5 checksum:    60864 7f6bae57597af59dec08361837b52e6a
    
    powerpc architecture (PowerPC)
    
      http://security.debian.org/pool/updates/main/i/iscsitarget/iscsitarget_0.4.16+svn162-3.1+lenny1_powerpc.deb
        Size/MD5 checksum:    63610 1c2e92e14e5880718638fc4f73e35e3f
    
    s390 architecture (IBM S/390)
    
      http://security.debian.org/pool/updates/main/i/iscsitarget/iscsitarget_0.4.16+svn162-3.1+lenny1_s390.deb
        Size/MD5 checksum:    60210 5ad590f73d54b0524c95e9281e30a2ae
    
    sparc architecture (Sun SPARC/UltraSPARC)
    
      http://security.debian.org/pool/updates/main/i/iscsitarget/iscsitarget_0.4.16+svn162-3.1+lenny1_sparc.deb
        Size/MD5 checksum:    55122 1ddde4c48656b1db8121312202d40c76
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and http://packages.debian.org/
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"7","type":"x","order":"1","pct":58.33,"resources":[]},{"id":"88","title":"Should be more technical","votes":"3","type":"x","order":"2","pct":25,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"2","type":"x","order":"3","pct":16.67,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    Advisories

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.