[stgt] tgtd buffer overflow and command injection vulnerabilities

Hullinger, Jason (Cloud Services) jason.hullinger at hp.com
Mon Jun 16 22:06:32 CEST 2014


Hi,

Thanks for the clarification, and I see you are using a domain socket at
/var/run/tgtd.ipc_abstract_namespace.X. Since the overflow occurs in a
function that is expected to do arbitrary commands it's sort of redundant
as a security issue. It is a bug though and will cause the process to
break so it should still be fixed.

Thanks,

Jason Hullinger

On 6/14/14, 6:29 AM, "FUJITA Tomonori" <fujita.tomonori at lab.ntt.co.jp>
wrote:

>Sorry about the delay,
>
>On Tue, 10 Jun 2014 19:17:35 +0000
>"Hullinger, Jason (Cloud Services)" <jason.hullinger at hp.com> wrote:
>
>> The function call_program in the tgtd daemon includes a callback function
>> that will run arbitrary commands. Additionally, it does not check that the
>
>Yeah, the feature is intentional:
>
>http://www.spinics.net/lists/linux-stgt/msg02065.html
>
>No security about tgtadm. A user who can use tgtadm has the root
>permission. He can do whatever he wants to on the machine. He doesn't
>need to use a security hole in tgtd and tgtadm.
>
>Of course, we care about security about iscsi and isns ports.