Security Advisory Important: scsi-target-utils security update

Advisory: RHSA-2011:0332-1
Type: Security Advisory
Severity: Important
Issued on: 2011-03-09
Last updated on: 2011-03-09
Affected Products: RHEL Cluster-Storage (v. 5 server)
RHEL Cluster-Storage EUS (v. 5.6.z server)
RHEL Cluster-Storage Long Life (v. 5.6 server)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Server EUS (v. 6.0.z)
Red Hat Enterprise Linux Workstation (v. 6)
CVEs (cve.mitre.org): CVE-2011-0001

Details

An updated scsi-target-utils package that fixes one security issue is now
available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

The scsi-target-utils package contains the daemon and tools to set up and
monitor SCSI targets. Currently, iSCSI software and iSER targets are
supported.

A double-free flaw was found in scsi-target-utils' tgtd daemon. A remote
attacker could trigger this flaw by sending carefully-crafted network
traffic, causing the tgtd daemon to crash. (CVE-2011-0001)

Red Hat would like to thank Emmanuel Bouillon of NATO C3 Agency for
reporting this issue.

All scsi-target-utils users should upgrade to this updated package, which
contains a backported patch to correct this issue. All running
scsi-target-utils services must be restarted for the update to take effect.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Updated packages

RHEL Cluster-Storage (v. 5 server)

SRPMS:
scsi-target-utils-1.0.8-0.el5_6.1.src.rpm
File outdated by: RHBA-2012:0279

IA-32:
scsi-target-utils-1.0.8-0.el5_6.1.i386.rpm
File outdated by: RHBA-2012:0279

IA-64:
scsi-target-utils-1.0.8-0.el5_6.1.ia64.rpm
File outdated by: RHBA-2012:0279

PPC:
scsi-target-utils-1.0.8-0.el5_6.1.ppc.rpm
File outdated by: RHBA-2012:0279

x86_64:
scsi-target-utils-1.0.8-0.el5_6.1.x86_64.rpm
File outdated by: RHBA-2012:0279

RHEL Cluster-Storage EUS (v. 5.6.z server)

SRPMS:
scsi-target-utils-1.0.8-0.el5_6.1.src.rpm
File outdated by: RHBA-2012:0279

IA-32:
scsi-target-utils-1.0.8-0.el5_6.1.i386.rpm

IA-64:
scsi-target-utils-1.0.8-0.el5_6.1.ia64.rpm

PPC:
scsi-target-utils-1.0.8-0.el5_6.1.ppc.rpm

x86_64:
scsi-target-utils-1.0.8-0.el5_6.1.x86_64.rpm

RHEL Cluster-Storage Long Life (v. 5.6 server)

SRPMS:
scsi-target-utils-1.0.8-0.el5_6.1.src.rpm
File outdated by: RHBA-2012:0279

IA-32:
scsi-target-utils-1.0.8-0.el5_6.1.i386.rpm

IA-64:
scsi-target-utils-1.0.8-0.el5_6.1.ia64.rpm

x86_64:
scsi-target-utils-1.0.8-0.el5_6.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6)

SRPMS:
scsi-target-utils-1.0.4-3.el6_0.1.src.rpm
File outdated by: RHBA-2013:1684

IA-32:
scsi-target-utils-1.0.4-3.el6_0.1.i686.rpm
File outdated by: RHBA-2013:1684
scsi-target-utils-debuginfo-1.0.4-3.el6_0.1.i686.rpm
File outdated by: RHBA-2013:1684

PPC:
scsi-target-utils-1.0.4-3.el6_0.1.ppc64.rpm
File outdated by: RHBA-2013:1684
scsi-target-utils-debuginfo-1.0.4-3.el6_0.1.ppc64.rpm
File outdated by: RHBA-2013:1684

x86_64:
scsi-target-utils-1.0.4-3.el6_0.1.x86_64.rpm
File outdated by: RHBA-2013:1684
scsi-target-utils-debuginfo-1.0.4-3.el6_0.1.x86_64.rpm
File outdated by: RHBA-2013:1684

Red Hat Enterprise Linux Server EUS (v. 6.0.z)

SRPMS:
scsi-target-utils-1.0.4-3.el6_0.1.src.rpm
File outdated by: RHBA-2013:1684

IA-32:
scsi-target-utils-1.0.4-3.el6_0.1.i686.rpm
scsi-target-utils-debuginfo-1.0.4-3.el6_0.1.i686.rpm

PPC:
scsi-target-utils-1.0.4-3.el6_0.1.ppc64.rpm
scsi-target-utils-debuginfo-1.0.4-3.el6_0.1.ppc64.rpm

x86_64:
scsi-target-utils-1.0.4-3.el6_0.1.x86_64.rpm
scsi-target-utils-debuginfo-1.0.4-3.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
scsi-target-utils-1.0.4-3.el6_0.1.src.rpm
File outdated by: RHBA-2013:1684

IA-32:
scsi-target-utils-1.0.4-3.el6_0.1.i686.rpm
File outdated by: RHBA-2013:1684
scsi-target-utils-debuginfo-1.0.4-3.el6_0.1.i686.rpm
File outdated by: RHBA-2013:1684

x86_64:
scsi-target-utils-1.0.4-3.el6_0.1.x86_64.rpm
File outdated by: RHBA-2013:1684
scsi-target-utils-debuginfo-1.0.4-3.el6_0.1.x86_64.rpm
File outdated by: RHBA-2013:1684
 
(The unlinked packages above are only available from the Red Hat Network)
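
To check an inventory of `rpm -q scsi-target-utils` output against the fixed builds listed above, the following added example (not part of the original advisory, and not Red Hat code) compares versions segment by segment the way rpm does, because a plain string comparison would rank 1.0.24 below 1.0.4. The function names and the sample lines are constructed for illustration, and the comparison assumes the package carries no epoch and no `~` or `^` in its version.

```python
import re

# Fixed builds named in this advisory, keyed by the dist tag in the release.
FIXED = {"el5": ("1.0.8", "0.el5_6.1"), "el6": ("1.0.4", "3.el6_0.1")}
ARCH = re.compile(r"\.(i386|i686|ia64|ppc|ppc64|x86_64|src)$")

def rpmvercmp(a, b):
    """Simplified rpm version compare (no epoch, '~' or '^'): -1, 0 or 1."""
    # rpm compares runs of digits and runs of letters; separators only split.
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric, so 24 > 4
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric run beats letters
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def is_fixed(nvr):
    """True if an `rpm -q scsi-target-utils` line is at or past the fix."""
    name, version, release = ARCH.sub("", nvr.strip()).rsplit("-", 2)
    tag = re.search(r"el[56]", release)
    if name != "scsi-target-utils" or tag is None:
        raise ValueError(f"not covered by this advisory: {nvr!r}")
    fixed_version, fixed_release = FIXED[tag.group()]
    return (rpmvercmp(version, fixed_version)
            or rpmvercmp(release, fixed_release)) >= 0

# Constructed sample inventory; only the third entry appears in the advisory.
SAMPLE = [
    "scsi-target-utils-1.0.8-0.el5",
    "scsi-target-utils-1.0.4-3.el6.x86_64",
    "scsi-target-utils-1.0.4-3.el6_0.1.x86_64",
    "scsi-target-utils-1.0.24-2.el6.x86_64",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(f"{line}: {'fixed' if is_fixed(line) else 'UPDATE NEEDED'}")
```

A fixed package version does not show that the running tgtd was restarted after the update, which the advisory also requires.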

Bugs fixed (see bugzilla for more information)

667261 - CVE-2011-0001 scsi-target-utils: double-free vulnerability leads to pre-authenticated crash


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/