drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in tgt
| Name: |
Ausführen beliebiger Kommandos in tgt |
|
| ID: |
USN-1156-1 |
|
| Distribution: |
Ubuntu |
|
| Plattformen: |
Ubuntu 10.10, Ubuntu 11.04 |
|
| Datum: |
Di, 21. Juni 2011, 16:10 |
|
| Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2221
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0001 |
|
| Applikationen: |
tgt |
|
Originalnachricht |
--===============4220542279304735956==
Content-Type: multipart/signed; micalg="pgp-sha512";
protocol="application/pgp-signature"; boundary="=-sTBqfvEzPUr7Dy5m6BC3"
--=-sTBqfvEzPUr7Dy5m6BC3
Content-Type: text/plain; charset="UTF-8
Content-Transfer-Encoding: quoted-printable
==========================================================================
Ubuntu Security Notice USN-1156-1
June 21, 2011
tgt vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.04
- Ubuntu 10.10
Summary:
An attacker could send crafted input to tgt and cause it to crash or run
arbitrary programs.
Software Description:
- tgt: Linux SCSI target user-space tools
Details:
It was discovered that tgt incorrectly handled long iSCSI name strings, and
invalid PDUs. A remote attacker could exploit this to cause tgt to crash,
resulting in a denial of service, or possibly execute arbitrary code. This
issue only affected Ubuntu 10.10. (CVE-2010-2221)
Emmanuel Bouillon discovered that tgt incorrectly handled certain iSCSI
logins. A remote attacker could exploit this to cause tgt to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2011-0001)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 11.04:
tgt 1:1.0.13-0ubuntu2.1
Ubuntu 10.10:
tgt 1:1.0.4-1ubuntu4.1
In general, a standard system update will make all the necessary changes.
References:
CVE-2010-2221, CVE-2011-0001
Package Information:
https://launchpad.net/ubuntu/+source/tgt/1:1.0.13-0ubuntu2.1
https://launchpad.net/ubuntu/+source/tgt/1:1.0.4-1ubuntu4.1
--ÜTBqfvEzPUr7Dy5m6BC3
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAABCgAGBQJOAJSNAAoJEGVp2FWnRL6TwgcQAI8FPsNPuEpwGGItHClBFxaI
Fj8HLmwjlJ8+Yo7sJ9hi3zxlwVTUnZb66gfr3GwYmk15Vd6xFQIgERREHy0PneqS
XumjkrRMORQgk9rgevgcuGhX5PGa07fkD3FgcRUIqJ2BaoOO4Ty+d3Gaeib/PVEi
IZ2HQ3YNyXvvfxjsMMqbIncTzjX5u+zo59RzN52M6L5vblXODhq7t5kGojVX5kEq
vVAxFO+z20zE/gjWYPwCuP2mLZxkbkbAE6ESIHGSHjCvvHlROqQ/Y1AEAfUFo4iv
vYowdTyL+G9K2kPeW43YHJrkBKlOOE1Jm0iNfIHNiT974FZ8DlnpISSDPlYhWDas
8HaXD19quhzvZ+c/S7sp4t3QE3Dznest5I2PmEfRZBhY/2N0sAEMhlRIWrttFjFj
SZBfFsxCWPmEHc1Hdl77dqC3+o+QC9HuamZ4qhiTomYPhEdOQXyAL+Gt2bdDF9Fu
TBwtWutfQC2iMp4pr40JWFKjMYM2Gd3xg3caO59DMB9P93o1wKvEATUfgJijgeaz
JbE9L8Yw9Zhytu0vZ4BCBW1X/1Qk+bBauqWGscOFotJP5V0Wqs2OQ5J3O5dnvdEH
vhggDtqSF+mOXq8y86HAOWLT2GzqdGtYqKaaC3qCDdrtYL1qccjH3binVzbwAEMr
MBkHntxuZksMoK4zZb5v
=enJi
-----END PGP SIGNATURE-----
--=-sTBqfvEzPUr7Dy5m6BC3--
--===============4220542279304735956==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============4220542279304735956==--
|
|
|
|
