[stgt] tgtd buffer overflow and command injection vulnerabilities

FUJITA Tomonori fujita.tomonori at lab.ntt.co.jp
Sat Jun 14 15:29:01 CEST 2014


Sorry about the delay,

On Tue, 10 Jun 2014 19:17:35 +0000
"Hullinger, Jason (Cloud Services)" <jason.hullinger at hp.com> wrote:

> The function call_program in the tgtd daemon includes a callback function
> that will run arbitrary commands. Additionally, it does not check that the

Yeah, the feature is intentional:

http://www.spinics.net/lists/linux-stgt/msg02065.html

No security about tgtadm. A user who can use tgtadm has the root
permission. He can do whatever he want to on the machine. He doesn't
need to use a security hole in tgtd and tgtadm.

Of course, we care about security about iscsi and isns ports.
--
To unsubscribe from this list: send the line "unsubscribe stgt" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html



More information about the stgt mailing list