[stgt] tgtd buffer overflow and command injection vulnerabilities
FUJITA Tomonori
fujita.tomonori at lab.ntt.co.jp
Sat Jun 14 15:29:01 CEST 2014
Sorry about the delay,
On Tue, 10 Jun 2014 19:17:35 +0000
"Hullinger, Jason (Cloud Services)" <jason.hullinger at hp.com> wrote:
> The function call_program in the tgtd daemon includes a callback function
> that will run arbitrary commands. Additionally, it does not check that the
Yeah, the feature is intentional:
http://www.spinics.net/lists/linux-stgt/msg02065.html
No security about tgtadm. A user who can use tgtadm has the root
permission. He can do whatever he want to on the machine. He doesn't
need to use a security hole in tgtd and tgtadm.
Of course, we care about security about iscsi and isns ports.
--
To unsubscribe from this list: send the line "unsubscribe stgt" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
More information about the stgt
mailing list