CVE-2011-0001

Double free vulnerability in the iscsi_rx_handler function (usr/iscsi/iscsid.c) in the tgt daemon (tgtd) in Linux SCSI target framework (tgt) before 1.0.14, aka scsi-target-utils, allows remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via unknown vectors related to a buffer overflow during iscsi login.  NOTE: some of these details are obtained from third party information.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 91%
VendorProductVersion
zaaltgt
𝑥
≤ 1.0.13
zaaltgt
0.9.5
zaaltgt
1.0.0
zaaltgt
1.0.1
zaaltgt
1.0.2
zaaltgt
1.0.3
zaaltgt
1.0.4
zaaltgt
1.0.5
zaaltgt
1.0.6
zaaltgt
1.0.7
zaaltgt
1.0.8
zaaltgt
1.0.9
zaaltgt
1.0.10
zaaltgt
1.0.11
zaaltgt
1.0.12
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
tgt
bullseye
1:1.0.80-1
fixed
bookworm
1:1.0.85-1
fixed
sid
1:1.0.85-1.3
fixed
trixie
1:1.0.85-1.3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
tgt
saucy
Fixed 1:1.0.13-0ubuntu3
released
raring
Fixed 1:1.0.13-0ubuntu3
released
quantal
Fixed 1:1.0.13-0ubuntu3
released
precise
Fixed 1:1.0.13-0ubuntu3
released
oneiric
Fixed 1:1.0.13-0ubuntu3
released
natty
Fixed 1:1.0.13-0ubuntu2.1
released
maverick
Fixed 1:1.0.4-1ubuntu4.1
released
lucid
ignored
karmic
ignored
hardy
ignored
dapper
dne
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
http://lists.wpkg.org/pipermail/stgt/2011-March/004473.html
http://secunia.com/advisories/43706
http://secunia.com/advisories/43713
http://www.debian.org/security/2011/dsa-2209
http://www.redhat.com/support/errata/RHSA-2011-0332.html
http://www.securityfocus.com/bid/46817
http://www.securitytracker.com/id?1025184
http://www.vupen.com/english/advisories/2011/0636
https://bugzilla.redhat.com/attachment.cgi?id=473779&action=diff
https://bugzilla.redhat.com/show_bug.cgi?id=667261
https://exchange.xforce.ibmcloud.com/vulnerabilities/66010
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
http://lists.wpkg.org/pipermail/stgt/2011-March/004473.html
http://secunia.com/advisories/43706
http://secunia.com/advisories/43713
http://www.debian.org/security/2011/dsa-2209
http://www.redhat.com/support/errata/RHSA-2011-0332.html
http://www.securityfocus.com/bid/46817
http://www.securitytracker.com/id?1025184
http://www.vupen.com/english/advisories/2011/0636
https://bugzilla.redhat.com/attachment.cgi?id=473779&action=diff
https://bugzilla.redhat.com/show_bug.cgi?id=667261
https://exchange.xforce.ibmcloud.com/vulnerabilities/66010