----------------------------------------------------------------------


  Secunia CSI
+ Microsoft SCCM
-----------------------
= Extensive Patch Management

http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/


----------------------------------------------------------------------

TITLE:
Linux SCSI Target Framework (tgt) Format String Vulnerabilities

SECUNIA ADVISORY ID:
SA39142

VERIFY ADVISORY:
http://secunia.com/advisories/39142/

DESCRIPTION:
Some vulnerabilities have been reported in Linux SCSI Target
Framework (tgt), which can be exploited by malicious users to cause a
DoS (Denial of Service) and potentially compromise a vulnerable
system.

The vulnerabilities are caused due to format string errors within the
"isns_attr_query()" and "qry_rsp_handle()" functions in
usr/iscsi/isns.c, which can be exploited to cause a crash and
potentially execute arbitrary code.

The vulnerabilities are reported in version 1.0.3. Other versions may
also be affected.

SOLUTION:
Fixed in the GIT repository.
http://git.kernel.org/?p=linux/kernel/git/tomo/tgt.git;a=commitdiff;h=107d922706cd36f3bb79bcca9bc4678c32f22e59

PROVIDED AND/OR DISCOVERED BY:
Arne Redlich

ORIGINAL ADVISORY:
http://git.kernel.org/?p=linux/kernel/git/tomo/tgt.git;a=commitdiff;h=107d922706cd36f3bb79bcca9bc4678c32f22e59

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

----------------------------------------------------------------------