Format string vulnerabilities in iSCSI Enterprise Target could result in execution of arbitrary code or a Denial of Service.
| Package | sys-block/iscsitarget on all architectures |
| Affected versions | < 1.4.19 |
| Unaffected versions | >= 1.4.19 |
iSCSI Enterprise Target is an open source iSCSI target with professional features.
Multiple functions in usr/iscsi/isns.c of iSCSI Enterprise Target contain format string errors.
A remote attacker could send a specially crafted Internet Storage Name Service (iSNS) request, possibly resulting in the execution of arbitrary code with root privileges or a Denial of Service.
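The bug class named above, as an added illustration that is not code from usr/iscsi/isns.c or from the iSCSI Enterprise Target project: a hypothetical log helper (`log_msg`), the unsafe call pattern next to the fixed one, and a small check that counts conversion directives in untrusted text. All function names and the sample input are constructed for this example.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style log helper; not taken from isns.c. */
static char log_buf[128];

#if defined(__GNUC__)
__attribute__((format(printf, 1, 2))) /* lets -Wformat-security flag misuse */
#endif
static int log_msg(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(log_buf, sizeof log_buf, fmt, ap);
    va_end(ap);
    return n;
}

#ifdef SHOW_VULNERABLE
/* Bug class: peer-controlled text is used AS the format string, so any
 * conversion directive in it is interpreted. Not compiled by default. */
static int log_name_vulnerable(const char *name) { return log_msg(name); }
#endif

/* Fixed form: constant format, peer-controlled text only as an argument. */
static int log_name_safe(const char *name)
{
    return log_msg("isns: name=%s", name);
}

/* Count '%' directives in untrusted text ("%%" is a literal percent sign). */
static int count_directives(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') s++; else n++;
    }
    return n;
}

int main(void)
{
    const char *name = "iqn.2001-04.com.example:%x.%s"; /* constructed input */
    log_name_safe(name);
    printf("%s (directives in input: %d)\n", log_buf, count_directives(name));
    return 0;
}
```

Building with `-Wformat -Wformat-security` (or `-Werror=format-security`) makes GCC report the call in `log_name_vulnerable` when `SHOW_VULNERABLE` is defined.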
There is no known workaround at this time.
All iSCSI Enterprise Target users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-block/iscsitarget-1.4.19"
NOTE: This is a legacy GLSA. Updates for all affected architectures have been available since August 11, 2010. It is likely that your system is already no longer affected by this issue.
January 23, 2012
January 23, 2012: 1