drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in tgt
Name: |
Ausführen beliebiger Kommandos in tgt |
|
ID: |
USN-1156-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 10.10, Ubuntu 11.04 |
|
Datum: |
Di, 21. Juni 2011, 16:10 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2221
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0001 |
|
Applikationen: |
tgt |
|
Originalnachricht |
--===============4220542279304735956== Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-sTBqfvEzPUr7Dy5m6BC3"
--=-sTBqfvEzPUr7Dy5m6BC3 Content-Type: text/plain; charset="UTF-8 Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-1156-1 June 21, 2011
tgt vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.04 - Ubuntu 10.10
Summary:
An attacker could send crafted input to tgt and cause it to crash or run arbitrary programs.
Software Description: - tgt: Linux SCSI target user-space tools
Details:
It was discovered that tgt incorrectly handled long iSCSI name strings, and invalid PDUs. A remote attacker could exploit this to cause tgt to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 10.10. (CVE-2010-2221)
Emmanuel Bouillon discovered that tgt incorrectly handled certain iSCSI logins. A remote attacker could exploit this to cause tgt to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2011-0001)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 11.04: tgt 1:1.0.13-0ubuntu2.1
Ubuntu 10.10: tgt 1:1.0.4-1ubuntu4.1
In general, a standard system update will make all the necessary changes.
References: CVE-2010-2221, CVE-2011-0001
Package Information: https://launchpad.net/ubuntu/+source/tgt/1:1.0.13-0ubuntu2.1 https://launchpad.net/ubuntu/+source/tgt/1:1.0.4-1ubuntu4.1
--ÜTBqfvEzPUr7Dy5m6BC3 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAABCgAGBQJOAJSNAAoJEGVp2FWnRL6TwgcQAI8FPsNPuEpwGGItHClBFxaI Fj8HLmwjlJ8+Yo7sJ9hi3zxlwVTUnZb66gfr3GwYmk15Vd6xFQIgERREHy0PneqS XumjkrRMORQgk9rgevgcuGhX5PGa07fkD3FgcRUIqJ2BaoOO4Ty+d3Gaeib/PVEi IZ2HQ3YNyXvvfxjsMMqbIncTzjX5u+zo59RzN52M6L5vblXODhq7t5kGojVX5kEq vVAxFO+z20zE/gjWYPwCuP2mLZxkbkbAE6ESIHGSHjCvvHlROqQ/Y1AEAfUFo4iv vYowdTyL+G9K2kPeW43YHJrkBKlOOE1Jm0iNfIHNiT974FZ8DlnpISSDPlYhWDas 8HaXD19quhzvZ+c/S7sp4t3QE3Dznest5I2PmEfRZBhY/2N0sAEMhlRIWrttFjFj SZBfFsxCWPmEHc1Hdl77dqC3+o+QC9HuamZ4qhiTomYPhEdOQXyAL+Gt2bdDF9Fu TBwtWutfQC2iMp4pr40JWFKjMYM2Gd3xg3caO59DMB9P93o1wKvEATUfgJijgeaz JbE9L8Yw9Zhytu0vZ4BCBW1X/1Qk+bBauqWGscOFotJP5V0Wqs2OQ5J3O5dnvdEH vhggDtqSF+mOXq8y86HAOWLT2GzqdGtYqKaaC3qCDdrtYL1qccjH3binVzbwAEMr MBkHntxuZksMoK4zZb5v =enJi -----END PGP SIGNATURE-----
--=-sTBqfvEzPUr7Dy5m6BC3--
--===============4220542279304735956== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============4220542279304735956==--
|
|
|
|