Vulnerability Name: CVE-2011-0001 (CCN-66010)

Assigned: 2010-12-07
Published: 2011-03-09
Updated: 2023-02-13
Summary: Double free vulnerability in the iscsi_rx_handler function (usr/iscsi/iscsid.c) in the tgt daemon (tgtd) in Linux SCSI target framework (tgt) before 1.0.14, aka scsi-target-utils, allows remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via unknown vectors related to a buffer overflow during iscsi login.
Note: some of these details are obtained from third party information.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Low
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
5.0 Medium (REDHAT CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (REDHAT Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
Vulnerability Consequences: Denial of Service
References:

Source: MITRE
Type: CNA
CVE-2011-0001

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: Patch
secalert@redhat.com

Source: CCN
Type: RHSA-2011-0332
Important: scsi-target-utils security update

Source: CCN
Type: SA43713
Linux SCSI target framework (tgt) iscsi_rx_handler() Vulnerability

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: DEBIAN
Type: DSA-2209
tgt -- double free

Source: CCN
Type: OSVDB ID: 74916
Linux SCSI Target Framework (tgt) tgt daemon (tgtd) iscsi_rx_handler() Function Double-free

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: BID-46817
Red Hat scsi-target-utils TGT Daemon Remote Denial of Service Vulnerability

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: Vendor Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Patch
secalert@redhat.com

Source: CCN
Type: Red Hat Bugzilla Bug 667261
CVE-2011-0001 scsi-target-utils: double-free vulnerability leads to pre-authenticated crash

Source: secalert@redhat.com
Type: Patch
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: XF
Type: UNKNOWN
lstf-iscsirxhandler-dos(66010)

Source: SUSE
Type: SUSE-SR:2011:009
SUSE Security Summary Report

Vulnerable Configuration:

Configuration RedHat 1:
  • cpe:/a:redhat:rhel_cluster_storage:5:*:*:*:*:*:*:*
Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*
Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*
Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:redhat:rhel_cluster_storage:5:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:6:*:server:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:6:*:workstation:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions
Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20110001 | V | CVE-2011-0001 | 2022-05-20
oval:org.opensuse.security:def:26226 | P | Security update for openexr (Important) | 2022-01-12
oval:org.opensuse.security:def:32289 | P | Security update for libvirt (Important) | 2022-01-10
oval:org.opensuse.security:def:31755 | P | Security update for libvirt (Important) | 2022-01-10
oval:org.opensuse.security:def:30279 | P | Security update for mozilla-nss (Important) | 2021-12-06
oval:org.opensuse.security:def:42241 | P | Security update for mozilla-nss (Important) | 2021-12-06
oval:org.opensuse.security:def:26173 | P | Security update for ruby2.1 (Important) | 2021-12-01
oval:org.opensuse.security:def:32231 | P | Security update for clamav (Moderate) | 2021-12-01
oval:org.opensuse.security:def:31313 | P | Security update for ruby2.1 (Important) | 2021-12-01
oval:org.opensuse.security:def:32228 | P | Security update for java-1_7_0-openjdk (Important) | 2021-11-24
oval:org.opensuse.security:def:31301 | P | Security update for samba (Important) | 2021-11-19
oval:org.opensuse.security:def:31302 | P | Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) (Important) | 2021-11-19
oval:org.opensuse.security:def:26160 | P | Security update for binutils (Moderate) | 2021-11-09
oval:org.opensuse.security:def:29437 | P | Security update for postgresql10 (Important) | 2021-10-20
oval:org.opensuse.security:def:26145 | P | Security update for the Linux Kernel (Important) | 2021-10-12
oval:org.opensuse.security:def:32179 | P | Security update for libesmtp (Important) | 2021-09-02
oval:org.opensuse.security:def:26116 | P | Security update for apache2 (Important) | 2021-09-02
oval:org.opensuse.security:def:31668 | P | Security update for java-1_8_0-openjdk (Important) | 2021-08-20
oval:org.opensuse.security:def:26102 | P | Security update for php72 (Important) | 2021-08-06
oval:org.opensuse.security:def:32971 | P | Security update for dbus-1 (Important) | 2021-08-02
oval:org.opensuse.security:def:33690 | P | Security update for linuxptp (Important) | 2021-07-21
oval:org.opensuse.security:def:32144 | P | Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP3) (Important) | 2021-07-21
oval:org.opensuse.security:def:32123 | P | Security update for xterm (Important) | 2021-06-18
oval:org.opensuse.security:def:32121 | P | Security update for webkit2gtk3 (Important) | 2021-06-17
oval:org.opensuse.security:def:42718 | P | tgt-0.9.10-0.17.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:36311 | P | tgt-0.9.10-0.17.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:33646 | P | Security update for avahi (Important) | 2021-06-03
oval:org.opensuse.security:def:26064 | P | Security update for libwebp (Critical) | 2021-06-02
oval:org.opensuse.security:def:26063 | P | Security update for dhcp (Important) | 2021-06-01
oval:org.opensuse.security:def:32087 | P | Security update for cups (Important) | 2021-04-30
oval:org.opensuse.security:def:31611 | P | Security update for libnettle (Important) | 2021-04-28
oval:org.opensuse.security:def:32077 | P | Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP3) (Important) | 2021-04-28
oval:org.opensuse.security:def:29491 | P | Security update for MozillaFirefox (Important) | 2021-03-31
oval:org.opensuse.security:def:32267 | P | Security update for grub2 (Important) | 2021-03-02
oval:org.opensuse.security:def:26202 | P | Security update for MozillaFirefox (Important) | 2021-03-01
oval:org.opensuse.security:def:33080 | P | Security update for java-1_8_0-openjdk (Moderate) | 2021-02-19
oval:org.opensuse.security:def:31731 | P | Security update for java-1_7_1-ibm (Important) | 2021-02-18
oval:org.opensuse.security:def:32945 | P | Security update for mutt (Moderate) | 2021-01-22
oval:org.opensuse.security:def:28925 | P | Security update for java-1_8_0-ibm (Moderate) | 2021-01-05
oval:org.opensuse.security:def:33010 | P | Security update for java-1_8_0-ibm (Moderate) | 2021-01-05
oval:org.opensuse.security:def:32016 | P | Security update for python (Important) | 2020-12-11
oval:org.opensuse.security:def:33622 | P | Security update for openssl-1_1 (Important) | 2020-12-10
oval:org.opensuse.security:def:34328 | P | Security update for the Linux Kernel (Important) | 2020-12-09
oval:org.opensuse.security:def:36047 | P | tgt-0.9.10-0.17.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:35834 | P | tgt-0.9.10-0.15.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:42454 | P | tgt-0.9.10-0.17.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:28856 | P | Security update for python3 (Important) | 2020-12-02
oval:org.opensuse.security:def:31778 | P | Security update for MozillaFirefox (Important) | 2020-12-01
oval:org.opensuse.security:def:33534 | P | Security update for ConsoleKit | 2020-12-01
oval:org.opensuse.security:def:32854 | P | enscript on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33477 | P | Security update for openLDAP | 2020-12-01
oval:org.opensuse.security:def:25384 | P | Security update for java-1_7_1-ibm (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25588 | P | Security update for xorg-x11-server (Important) | 2020-12-01
oval:org.opensuse.security:def:25961 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:26328 | P | used on wotan :) (Low) | 2020-12-01
oval:org.opensuse.security:def:25672 | P | Security update for java-1_7_0-openjdk (Important) | 2020-12-01
oval:org.opensuse.security:def:26022 | P | Security update for icu (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26578 | P | lcms on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27309 | P | tgt on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25872 | P | Security update for ImageMagick (Important) | 2020-12-01
oval:org.opensuse.security:def:29540 | P | Security update for MozillaFirefox (Important) | 2020-12-01
oval:org.opensuse.security:def:28845 | P | Security update for wireshark (Moderate) | 2020-12-01
oval:org.opensuse.security:def:29142 | P | Security update for kvm (Important) | 2020-12-01
oval:org.opensuse.security:def:31519 | P | Security update for sendmail | 2020-12-01
oval:org.opensuse.security:def:31911 | P | Security update for gcc43 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31599 | P | Security update for tiff (Low) | 2020-12-01
oval:org.opensuse.security:def:31967 | P | Security update for intel-SINIT (Important) | 2020-12-01
oval:org.opensuse.security:def:32531 | P | ipsec-tools on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33274 | P | tgt on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31789 | P | Security update for MozillaFirefox (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33583 | P | Security update for MozillaFirefox (Important) | 2020-12-01
oval:org.opensuse.security:def:32855 | P | evince on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33175 | P | libpulse-browse0 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26798 | P | pam_ldap on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25385 | P | Security update for MozillaFirefox (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25669 | P | Security update for gcc10 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26014 | P | Security update for mariadb (Important) | 2020-12-01
oval:org.opensuse.security:def:26372 | P | Recommended update for geotiff (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25596 | P | Security update for xorg-x11-server (Important) | 2020-12-01
oval:org.opensuse.security:def:25800 | P | Security update for polkit (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26592 | P | libneon27 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25936 | P | Security update for libreoffice (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26286 | P | Security update for libcdio (Low) | 2020-12-01
oval:org.opensuse.security:def:29579 | P | Security update for apache2 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:30316 | P | Security update for tgt | 2020-12-01
oval:org.opensuse.security:def:29199 | P | Security update for openssh (Important) | 2020-12-01
oval:org.opensuse.security:def:32759 | P | openvpn on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32333 | P | Security update for samba (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31513 | P | Security update for quagga | 2020-12-01
oval:org.opensuse.security:def:32553 | P | libicu-32bit on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31863 | P | Security update for curl (Moderate) | 2020-12-01
oval:org.opensuse.security:def:34368 | P | Security update for tgt | 2020-12-01
oval:org.opensuse.security:def:32866 | P | g3utils on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33232 | P | perl-spamassassin on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26833 | P | tgt on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25396 | P | Security update for perl-DBI (Important) | 2020-12-01
oval:org.opensuse.security:def:25726 | P | Security update for python36 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26275 | P | Security update for freerdp (Important) | 2020-12-01
oval:org.opensuse.security:def:27010 | P | pcsc-lite on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25597 | P | Security update for squid (Critical) | 2020-12-01
oval:org.opensuse.security:def:25881 | P | Security update for flash-player (Important) | 2020-12-01
oval:org.opensuse.security:def:26636 | P | rsync on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25860 | P | Security update for bash (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26437 | P | Security update for enigmail (Important) | 2020-12-01
oval:org.opensuse.security:def:29597 | P | Security update for atftp (Important) | 2020-12-01
oval:org.opensuse.security:def:29284 | P | Security update for xorg-x11-server (Important) | 2020-12-01
oval:org.opensuse.security:def:32055 | P | Security update for kvm (Important) | 2020-12-01
oval:org.opensuse.security:def:32798 | P | tgt on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31514 | P | Security update for quagga (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31823 | P | Security update for bash (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32443 | P | Security update for xen (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32597 | P | puppet on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31777 | P | Security update for MozillaFirefox (Important) | 2020-12-01
oval:org.opensuse.security:def:31995 | P | Security update for java-1_7_1-ibm (Important) | 2020-12-01
oval:org.opensuse.security:def:32387 | P | Security update for tomcat6 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33320 | P | wget-openssl1 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25460 | P | Security update for tiff (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25810 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:26314 | P | Security update for iperf (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27045 | P | tgt on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25608 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:25938 | P | Security update for evince (Important) | 2020-12-01
oval:org.opensuse.security:def:26539 | P | emacs on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27274 | P | puppet on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25861 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:26490 | P | Security update for pdns (Moderate) | 2020-12-01
oval:org.opensuse.security:def:29641 | P | Security update for ctags (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28844 | P | Security update for wireshark | 2020-12-01
oval:org.opensuse.security:def:29056 | P | Security update for bind (Important) | 2020-12-01
oval:org.opensuse.security:def:31387 | P | Security update for openvpn-openssl1 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31525 | P | Security update for rsyslog | 2020-12-01
oval:org.opensuse.security:def:31880 | P | Security update for dhcpcd (Important) | 2020-12-01
oval:org.opensuse.security:def:32492 | P | boost-license on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33235 | P | powerpc-utils on GA media (Moderate) | 2020-12-01
oval:org.mitre.oval:def:21847 | P | RHSA-2011:0332: scsi-target-utils security update (Important) | 2015-03-09
oval:org.mitre.oval:def:13545 | P | USN-1156-1 -- tgt vulnerabilities | 2014-06-30
oval:org.mitre.oval:def:12861 | P | DSA-2209-1 tgt -- double free | 2014-06-23
oval:org.mitre.oval:def:23633 | P | ELSA-2011:0332: scsi-target-utils security update (Important) | 2014-05-26
oval:com.ubuntu.precise:def:20110001000 | V | CVE-2011-0001 on Ubuntu 12.04 LTS (precise) - medium. | 2011-03-15
oval:com.redhat.rhsa:def:20110332 | P | RHSA-2011:0332: scsi-target-utils security update (Important) | 2011-03-09
    redhat rhel cluster storage 5
    redhat enterprise linux 6