Debian Bug report logs - #574935
iscsitarget: Format string vulnerability

version graph

Package: iscsitarget; Maintainer for iscsitarget is Debian iSCSI Maintainers <pkg-iscsi-maintainers@lists.alioth.debian.org>; Source for iscsitarget is src:iscsitarget.

Reported by: Florent Daigniere <nextgens@freenetproject.org>

Date: Mon, 22 Mar 2010 10:51:02 UTC

Severity: critical

Tags: patch, security

Found in version iscsitarget/0.4.16+svn162-3

Fixed in versions iscsitarget/1.4.20-1, iscsitarget/0.4.17+svn229-1.4, iscsitarget/0.4.16+svn162-3+lenny1, iscsitarget/0.4.16+svn162-3.1+lenny1

Done: Luciano Bello <luciano@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Philipp Hug <debian@hug.cx>:
Bug#574935; Package iscsitarget. (Mon, 22 Mar 2010 10:51:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Florent Daigniere <nextgens@freenetproject.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Philipp Hug <debian@hug.cx>. (Mon, 22 Mar 2010 10:51:06 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Florent Daigniere <nextgens@freenetproject.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: iscsitarget: Format string vulnerability
Date: Mon, 22 Mar 2010 09:58:05 +0000
Package: iscsitarget
Version: 0.4.16+svn162-3
Severity: critical
Tags: security
Justification: root security hole


There is at least two remotely exploitable format string vulnerabilities in the debian stable package... which have been fixed upstream.

isns.c:302
isns.c:690

The default init script encourage users to run ietd as root (see the following bugs)

#545536 iscsitarget: allow running as non-root
#566509 New upstream version

Please fix it.

-- System Information:
Debian Release: 5.0.4
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-2-686 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages iscsitarget depends on:
ii  libc6                   2.7-18lenny2     GNU C Library: Shared libraries
ii  libssl0.9.8             0.9.8g-15+lenny6 SSL shared libraries

Versions of packages iscsitarget recommends:
pn  iscsitarget-module            <none>     (no description available)

Versions of packages iscsitarget suggests:
pn  iscsitarget-source            <none>     (no description available)

-- no debconf information




Bug 574935 cloned as bug 576086. Request was from Giuseppe Iuculano <iuculano@debian.org> to control@bugs.debian.org. (Wed, 31 Mar 2010 18:51:04 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Philipp Hug <debian@hug.cx>:
Bug#574935; Package iscsitarget. (Wed, 31 Mar 2010 19:21:07 GMT) Full text and rfc822 format available.

Acknowledgement sent to Giuseppe Iuculano <giuseppe@iuculano.it>:
Extra info received and forwarded to list. Copy sent to Philipp Hug <debian@hug.cx>. (Wed, 31 Mar 2010 19:21:07 GMT) Full text and rfc822 format available.

Message #12 received at 574935@bugs.debian.org (full text, mbox):

From: Giuseppe Iuculano <giuseppe@iuculano.it>
To: 574935@bugs.debian.org, 576086@bugs.debian.org
Cc: Debian Bug Control <control@bugs.debian.org>, 574935-subscribe@bugs.debian.org, 576086-subscribe@bugs.debian.org
Subject: CVE-2010-0743
Date: Wed, 31 Mar 2010 21:13:05 +0200
[Message part 1 (text/plain, inline)]
tags 574935 patch
tags 576086 patch
thanks

Hi,

this issue got a CVE id, CVE-2010-0743.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

Patch:
http://git.kernel.org/?p=linux/kernel/git/tomo/tgt.git;a=commitdiff;h=107d922706cd36f3bb79bcca9bc4678c32f22e59

Cheers,
Giuseppe.

[signature.asc (application/pgp-signature, attachment)]

Added tag(s) patch. Request was from Giuseppe Iuculano <giuseppe@iuculano.it> to control@bugs.debian.org. (Wed, 31 Mar 2010 19:21:10 GMT) Full text and rfc822 format available.

Bug Marked as fixed in versions iscsitarget/0.4.17+svn229-1.4. Request was from Florent Daigniere <florent.daigniere@trustmatta.com> to control@bugs.debian.org. (Fri, 16 Apr 2010 11:39:08 GMT) Full text and rfc822 format available.

Bug Marked as fixed in versions iscsitarget/1.4.20-1. Request was from Ritesh Raj Sarraf <rrs@researchut.com> to control@bugs.debian.org. (Sat, 24 Apr 2010 16:12:03 GMT) Full text and rfc822 format available.

Added tag(s) pending. Request was from Ritesh Raj Sarraf <rrs@researchut.com> to control@bugs.debian.org. (Mon, 26 Apr 2010 18:15:16 GMT) Full text and rfc822 format available.

Reply sent to Ritesh Raj Sarraf <rrs@researchut.com>:
You have taken responsibility. (Mon, 26 Apr 2010 19:57:10 GMT) Full text and rfc822 format available.

Notification sent to Florent Daigniere <nextgens@freenetproject.org>:
Bug acknowledged by developer. (Mon, 26 Apr 2010 19:57:10 GMT) Full text and rfc822 format available.

Message #25 received at 574935-close@bugs.debian.org (full text, mbox):

From: Ritesh Raj Sarraf <rrs@researchut.com>
To: 574935-close@bugs.debian.org
Subject: Bug#574935: fixed in iscsitarget 0.4.16+svn162-3+lenny1
Date: Mon, 26 Apr 2010 19:52:49 +0000
Source: iscsitarget
Source-Version: 0.4.16+svn162-3+lenny1

We believe that the bug you reported is fixed in the latest version of
iscsitarget, which is due to be installed in the Debian FTP archive:

iscsitarget-source_0.4.16+svn162-3+lenny1_all.deb
  to main/i/iscsitarget/iscsitarget-source_0.4.16+svn162-3+lenny1_all.deb
iscsitarget_0.4.16+svn162-3+lenny1.diff.gz
  to main/i/iscsitarget/iscsitarget_0.4.16+svn162-3+lenny1.diff.gz
iscsitarget_0.4.16+svn162-3+lenny1.dsc
  to main/i/iscsitarget/iscsitarget_0.4.16+svn162-3+lenny1.dsc
iscsitarget_0.4.16+svn162-3+lenny1_amd64.deb
  to main/i/iscsitarget/iscsitarget_0.4.16+svn162-3+lenny1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 574935@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ritesh Raj Sarraf <rrs@researchut.com> (supplier of updated iscsitarget package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 26 Apr 2010 18:33:53 +0530
Source: iscsitarget
Binary: iscsitarget iscsitarget-source
Architecture: source amd64 all
Version: 0.4.16+svn162-3+lenny1
Distribution: stable
Urgency: low
Maintainer: Philipp Hug <debian@hug.cx>
Changed-By: Ritesh Raj Sarraf <rrs@researchut.com>
Description: 
 iscsitarget - iSCSI Enterprise Target userland tools
 iscsitarget-source - iSCSI Enterprise Target kernel module source
Closes: 574935
Changes: 
 iscsitarget (0.4.16+svn162-3+lenny1) stable; urgency=low
 .
   * Fix CVE-2010-0743 (Closes: #574935)
Checksums-Sha1: 
 75162dd32a547571ec5b6b077c816ede250cb64f 1826 iscsitarget_0.4.16+svn162-3+lenny1.dsc
 8d620242f1e33447ed16d38ca3052678b2cfdfb4 6663 iscsitarget_0.4.16+svn162-3+lenny1.diff.gz
 1ba4e05c2786dd5aba9fb6f7945d74affb2de746 61018 iscsitarget_0.4.16+svn162-3+lenny1_amd64.deb
 1ac6622fbff142e197272c65c476a81173274d5b 42844 iscsitarget-source_0.4.16+svn162-3+lenny1_all.deb
Checksums-Sha256: 
 96f006a7c9046006d527e197f9f0fe6448faf3f5f68c1c03e04df53af292d00a 1826 iscsitarget_0.4.16+svn162-3+lenny1.dsc
 c5e3a2e7c1e3d729b1ed2a70df73f3cd27094955a5598ce22fdf7b52ef3edb77 6663 iscsitarget_0.4.16+svn162-3+lenny1.diff.gz
 32c618806c910718a32371fcba8f095274eb63201493da836c858123efe40f84 61018 iscsitarget_0.4.16+svn162-3+lenny1_amd64.deb
 ae019812d3faa23ab5f2d5ad69917055b0f70c24d117484a99abc889ffc58cfd 42844 iscsitarget-source_0.4.16+svn162-3+lenny1_all.deb
Files: 
 c810486168f23a509b9bef03b4f0a9e1 1826 net optional iscsitarget_0.4.16+svn162-3+lenny1.dsc
 1392eeb5371655f9b6e8e7ba94ae4bcb 6663 net optional iscsitarget_0.4.16+svn162-3+lenny1.diff.gz
 a5947f4a7ff798186a54ec4f7bc4f7b7 61018 net optional iscsitarget_0.4.16+svn162-3+lenny1_amd64.deb
 961b38b1de54426559f63781067b75af 42844 net optional iscsitarget-source_0.4.16+svn162-3+lenny1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQIcBAEBCgAGBQJL1ZAjAAoJEKY6WKPy4XVpEAEQAINGlZ1aevrkhdhcuRODqfvW
OWziGHAeHR9XFNoJNR776+8ISymA1yk1Qo8yRsfQG9IXle7H8zq6IbxaDnS8Tk+Y
tAF2/dWCgV29e7HcnN0usWcLoERgIDvIb8IsXhh54LQMSohDg8r1l4q3Jxn3EtdV
yRe977+D6g2cfgpka5B2fGLqFXcHntOWv2IBGQpVw/TKBuiw0HCG0QLzvDS/5b4F
d58tbgzX4LK5EyWxwtdEgbQk6Fhr8piyYkf0ZWWXjyxIcL+4wOfBJMRlH3CxhTWp
i7W+0dzpkwKw+c09UYO3pGvZRkl0tJP+FHI1Tr6KjlQE011Tnq8WDfihePG8tUKL
Y2efkmCU3BsrUiJy3Yj7T2WZweL3QMy8jQJGkq7jB8wI4nCYzBKIX5jKab5Z63ze
w2xJnlDIiieqBMgI3EJX0rSo6TvZrscbba5imuqWv9S/un2HWiOHHZXP2QXeiIYi
ygfpwGwnOW6vQ5l+TMS/Y6fT3ZHJuqSlCVrDsEkq0BdkQucUfgY+4xGs42CgJ4nE
C/PAz+gy+6LaxpajVOnDfUi7u2h3yquLQ60IIR2bBowLCKijxor9sSgy5QwveV0V
SZFfsruTdoWx1i5lNcnvWTXn4gi/kNacOOilB5rTxDF0SehOK9oEnnnrr2mXNMhn
gotRFY+SdwALco8JkeJh
=liZW
-----END PGP SIGNATURE-----





Reply sent to Luciano Bello <luciano@debian.org>:
You have taken responsibility. (Thu, 06 May 2010 08:36:12 GMT) Full text and rfc822 format available.

Notification sent to Florent Daigniere <nextgens@freenetproject.org>:
Bug acknowledged by developer. (Thu, 06 May 2010 08:36:12 GMT) Full text and rfc822 format available.

Message #30 received at 574935-close@bugs.debian.org (full text, mbox):

From: Luciano Bello <luciano@debian.org>
To: 574935-close@bugs.debian.org
Subject: Bug#574935: fixed in iscsitarget 0.4.16+svn162-3.1+lenny1
Date: Thu, 06 May 2010 08:34:37 +0000
Source: iscsitarget
Source-Version: 0.4.16+svn162-3.1+lenny1

We believe that the bug you reported is fixed in the latest version of
iscsitarget, which is due to be installed in the Debian FTP archive:

iscsitarget-source_0.4.16+svn162-3.1+lenny1_all.deb
  to main/i/iscsitarget/iscsitarget-source_0.4.16+svn162-3.1+lenny1_all.deb
iscsitarget_0.4.16+svn162-3.1+lenny1.diff.gz
  to main/i/iscsitarget/iscsitarget_0.4.16+svn162-3.1+lenny1.diff.gz
iscsitarget_0.4.16+svn162-3.1+lenny1.dsc
  to main/i/iscsitarget/iscsitarget_0.4.16+svn162-3.1+lenny1.dsc
iscsitarget_0.4.16+svn162-3.1+lenny1_i386.deb
  to main/i/iscsitarget/iscsitarget_0.4.16+svn162-3.1+lenny1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 574935@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Luciano Bello <luciano@debian.org> (supplier of updated iscsitarget package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 26 Apr 2010 21:15:55 -0300
Source: iscsitarget
Binary: iscsitarget iscsitarget-source
Architecture: source i386 all
Version: 0.4.16+svn162-3.1+lenny1
Distribution: stable-security
Urgency: high
Maintainer: Philipp Hug <debian@hug.cx>
Changed-By: Luciano Bello <luciano@debian.org>
Description: 
 iscsitarget - iSCSI Enterprise Target userland tools
 iscsitarget-source - iSCSI Enterprise Target kernel module source
Closes: 574935
Changes: 
 iscsitarget (0.4.16+svn162-3.1+lenny1) stable-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * CVE-2010-0743: two format string vulnerabilities fixed in isns.c:302
   and isns.c:690, reported by Florent Daigniere. Closes: #574935.
Checksums-Sha1: 
 b75aaf7f2c5d33b91c13f68ea103697460150bc6 1193 iscsitarget_0.4.16+svn162-3.1+lenny1.dsc
 c5e6e1c4fd969647b3a7cc442b6a616f49c2c249 354607 iscsitarget_0.4.16+svn162.orig.tar.gz
 3cbe3189c0195ec1c3663542409716590fa28e0b 6743 iscsitarget_0.4.16+svn162-3.1+lenny1.diff.gz
 4a9b7673a37713d92f8415b8f562a81396c8aeda 55872 iscsitarget_0.4.16+svn162-3.1+lenny1_i386.deb
 18e68454c7e35311e62509dba1d1d28e927c6bf2 42926 iscsitarget-source_0.4.16+svn162-3.1+lenny1_all.deb
Checksums-Sha256: 
 fd41d3eabbc707f3eaa4501deb1b0f54533f0707aeb2c30315e6143812ed139d 1193 iscsitarget_0.4.16+svn162-3.1+lenny1.dsc
 a962361a817f2ed27fc060b11f6db68bc899dbc73985373c2ed8a3c6c7827971 354607 iscsitarget_0.4.16+svn162.orig.tar.gz
 15fa9979475807fdbdcb212e3527665b9043feddd278a3e0eb71705f43622cbc 6743 iscsitarget_0.4.16+svn162-3.1+lenny1.diff.gz
 c9a175a6f4fc86e4c8898510dd91072abc16901612dbd0eb82228f1e3423f476 55872 iscsitarget_0.4.16+svn162-3.1+lenny1_i386.deb
 d9b8c31f4036d0ab77098aed562369250c369a683d7145928d5da3e7688c4038 42926 iscsitarget-source_0.4.16+svn162-3.1+lenny1_all.deb
Files: 
 df8ae44c0366731c4102f1c5290f6c15 1193 net optional iscsitarget_0.4.16+svn162-3.1+lenny1.dsc
 7105541d6b64f75852a725bcc26636bf 354607 net optional iscsitarget_0.4.16+svn162.orig.tar.gz
 d529b9d00d84471b032a425596ee63fe 6743 net optional iscsitarget_0.4.16+svn162-3.1+lenny1.diff.gz
 4b76ecbc8b77f188fddeb22c85340730 55872 net optional iscsitarget_0.4.16+svn162-3.1+lenny1_i386.deb
 006bfefbd074b9dbf72843ef643ff8df 42926 net optional iscsitarget-source_0.4.16+svn162-3.1+lenny1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkvYbZEACgkQQWTRs4lLtHm0vwCgnjjl2J07njPgKgMfiplm1HKz
cXMAoJDDrF92LPpxNK+74vzDKZKEQH3T
=7LN4
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 27 Jun 2010 07:35:38 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Apr 23 16:22:50 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.