Vulnerability CVE-2021-3139

Vulnerability Name:

CVE-2021-3139 (CCN-194936)

Assigned:

2021-01-13

Published:

2021-01-13

Updated:

2021-01-22

Summary:

In Open-iSCSI tcmu-runner 1.3.x, 1.4.x, and 1.5.x through 1.5.2, xcopy_locate_udev in tcmur_cmd_handler.c lacks a check for transport-layer restrictions, allowing remote attackers to read or write files via directory traversal in an XCOPY request. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN.
Note: relative to CVE-2020-28374, this is a similar mistake in a different algorithm.

CVSS v3 Severity:

8.1 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)
7.1 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): None

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
6.4 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

5.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): None

7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-22

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2021-3139

Source: MLIST
Type: Mailing List, Mitigation, Third Party Advisory
[oss-security] 20210113 Re: CVE-2020-28374: Linux SCSI target (LIO) unrestricted copy offload

Source: MISC
Type: Issue Tracking, Third Party Advisory
https://bugzilla.suse.com/attachment.cgi?id=844938

Source: MISC
Type: Issue Tracking, Third Party Advisory
https://bugzilla.suse.com/show_bug.cgi?id=1178372

Source: XF
Type: UNKNOWN
openiscsi-cve20213139-dir-traversal(194936)

Source: CCN
Type: tcmu-runner GIT Repository
tcmur: fail cross-device XCOPY requests #644

Source: CONFIRM
Type: Patch, Third Party Advisory
https://github.com/open-iscsi/tcmu-runner/pull/644

Source: CCN
Type: IBM Security Bulletin 6445699 (Spectrum Protect Plus)
Vulnerabilities in the Linux Kernel, Samba, Sudo, Python, and tcmu-runner affect IBM Spectrum Protect Plus

Source: MISC
Type: Mailing List, Third Party Advisory
https://www.openwall.com/lists/oss-security/2021/01/12/12

Vulnerable Configuration:

Configuration 1:

cpe:/a:tcmu-runner_project:tcmu-runner:*:*:*:*:*:*:*:* (Version >= 1.3.0 and <= 1.5.2)

Configuration CCN 1:

cpe:/a:ibm:spectrum_protect_plus:10.1.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:spectrum_protect_plus:10.1.7:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:8023	P	jcl-over-slf4j-1.7.36-150200.3.4.3 on GA media (Moderate)	2023-06-20
oval:org.opensuse.security:def:102242	P	Security update for xen (Moderate) (in QA)	2022-04-07
oval:org.opensuse.security:def:99655	P	(Important)	2021-06-28
oval:org.opensuse.security:def:99963	P	(Important)	2021-06-17
oval:org.opensuse.security:def:99948	P	(Moderate)	2021-05-27
oval:org.opensuse.security:def:99456	P	(Important)	2021-03-24
oval:org.opensuse.security:def:5981	P	Security update for python36 (Moderate)	2021-03-19
oval:org.opensuse.security:def:110648	P	Security update for tcmu-runner (Important)	2021-01-20
oval:org.opensuse.security:def:69846	P	Security update for tcmu-runner (Important)	2021-01-18
oval:org.opensuse.security:def:10078	P	Security update for tcmu-runner (Important)	2021-01-18
oval:org.opensuse.security:def:96942	P	Security update for tcmu-runner (Important)	2021-01-18
oval:org.opensuse.security:def:92112	P	Security update for tcmu-runner (Important)	2021-01-18
oval:org.opensuse.security:def:9324	P	Security update for tcmu-runner (Important)	2021-01-18
oval:org.opensuse.security:def:99257	P	Security update for tcmu-runner (Important)	2021-01-18
oval:org.opensuse.security:def:92904	P	Security update for tcmu-runner (Important)	2021-01-18
oval:org.opensuse.security:def:70218	P	Security update for tcmu-runner (Important)	2021-01-18
oval:org.opensuse.security:def:10257	P	Security update for tcmu-runner (Important)	2021-01-18
oval:org.opensuse.security:def:8579	P	Security update for tcmu-runner (Important)	2021-01-18
oval:org.opensuse.security:def:92307	P	Security update for tcmu-runner (Important)	2021-01-18
oval:org.opensuse.security:def:69464	P	Security update for tcmu-runner (Important)	2021-01-18
oval:org.opensuse.security:def:9507	P	Security update for tcmu-runner (Important)	2021-01-18
oval:org.opensuse.security:def:93057	P	Security update for tcmu-runner (Important)	2021-01-18
oval:org.opensuse.security:def:70397	P	Security update for tcmu-runner (Important)	2021-01-18
oval:org.opensuse.security:def:8756	P	Security update for tcmu-runner (Important)	2021-01-18
oval:org.opensuse.security:def:98867	P	Security update for tcmu-runner (Important)	2021-01-18
oval:org.opensuse.security:def:92506	P	Security update for tcmu-runner (Important)	2021-01-18
oval:org.opensuse.security:def:69647	P	Security update for tcmu-runner (Important)	2021-01-18
oval:org.opensuse.security:def:9706	P	Security update for tcmu-runner (Important)	2021-01-18
oval:org.opensuse.security:def:93210	P	Security update for tcmu-runner (Important)	2021-01-18
oval:org.opensuse.security:def:91917	P	Security update for tcmu-runner (Important)	2021-01-18
oval:org.opensuse.security:def:8951	P	Security update for tcmu-runner (Important)	2021-01-18
oval:org.opensuse.security:def:99062	P	Security update for tcmu-runner (Important)	2021-01-18
oval:org.opensuse.security:def:92705	P	Security update for tcmu-runner (Important)	2021-01-18
oval:org.opensuse.security:def:111477	P	Security update for tcmu-runner (Important)	2021-01-17
oval:org.opensuse.security:def:95529	P	Security update for tcmu-runner (Important)	2021-01-13
oval:org.opensuse.security:def:69112	P	Security update for tcmu-runner (Important)	2021-01-13
oval:org.opensuse.security:def:118556	P	Security update for tcmu-runner (Important)	2021-01-13
oval:org.opensuse.security:def:108908	P	Security update for tcmu-runner (Important)	2021-01-13
oval:org.opensuse.security:def:97329	P	Security update for tcmu-runner (Important)	2021-01-13
oval:org.opensuse.security:def:96104	P	Security update for tcmu-runner (Important)	2021-01-13
oval:org.opensuse.security:def:109460	P	Security update for tcmu-runner (Important)	2021-01-13
oval:org.opensuse.security:def:76138	P	Security update for tcmu-runner (Important)	2021-01-13
oval:org.opensuse.security:def:67070	P	Security update for tcmu-runner (Important)	2021-01-13
oval:org.opensuse.security:def:102794	P	Security update for tcmu-runner (Important)	2021-01-13

BACK