Alerts This Week
Warning Icon 1 637
Alerts This Week
Warning Icon 1 637

Ubuntu 11.04/10.10: USN-1156-1 Critical: tgt DoS Threat

Calendar Jun 21, 2011 User Avatar LinuxSecurity Advisories
1 - 2 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory denial of service critical update arbitrary code application crash ubuntu tgt
An attacker could send crafted input to tgt and cause it to crash or run arbitrary programs. 
=========================================================================Ubuntu Security Notice USN-1156-1
June 21, 2011

tgt vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.04
- Ubuntu 10.10

Summary:

An attacker could send crafted input to tgt and cause it to crash or run
arbitrary programs.

Software Description:
- tgt: Linux SCSI target user-space tools

Details:

It was discovered that tgt incorrectly handled long iSCSI name strings, and
invalid PDUs. A remote attacker could exploit this to cause tgt to crash,
resulting in a denial of service, or possibly execute arbitrary code. This
issue only affected Ubuntu 10.10. (CVE-2010-2221)

Emmanuel Bouillon discovered that tgt incorrectly handled certain iSCSI
logins. A remote attacker could exploit this to cause tgt to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2011-0001)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.04:
  tgt                             1:1.0.13-0ubuntu2.1

Ubuntu 10.10:
  tgt                             1:1.0.4-1ubuntu4.1

In general, a standard system update will make all the necessary changes.

References:
  CVE-2010-2221, CVE-2011-0001

Package Information:
  https://launchpad.net/ubuntu/+source/tgt/1:1.0.13-0ubuntu2.1
  https://launchpad.net/ubuntu/+source/tgt/1:1.0.4-1ubuntu4.1

Ubuntu 11.04/10.10: USN-1156-1 Critical: tgt DoS Threat

ubuntu
Calendar Grey June 21, 2011
Dist Ubuntu Esm H88
Mitigating tgt weaknesses in Ubuntu 11.04 and 10.10 through essential patches for heightened protection.
An attacker could send crafted input to tgt and cause it to crash or run arbitrary programs.

Summary

Topics%20covered

Topics Covered

security advisory denial of service critical update arbitrary code application crash ubuntu tgt

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 11.04: tgt 1:1.0.13-0ubuntu2.1 Ubuntu 10.10: tgt 1:1.0.4-1ubuntu4.1 In general, a standard system update will make all the necessary changes.

References

CVE-2010-2221, CVE-2011-0001

Severity
critical
Lowest
Low
Medium
High
Critical

June 21, 2011

Topics%20covered

Topics Covered

security advisory denial of service critical update arbitrary code application crash ubuntu tgt

Package Information

https://launchpad.net/ubuntu/+source/tgt/1:1.0.13-0ubuntu2.1 https://launchpad.net/ubuntu/+source/tgt/1:1.0.4-1ubuntu4.1

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here