Open-iSCSI tcmu-runner up to 1.3.x/1.4.x/1.5.2 tcmur_cmd_handler.c xcopy_locate_udev pathname traversal

entryeditHistoryDiffjsonxmlCTI

A vulnerability classified as critical has been found in Open-iSCSI tcmu-runner up to 1.3.x/1.4.x/1.5.2. Affected is the function xcopy_locate_udev of the file tcmur_cmd_handler.c. Applying a patch is able to eliminate this problem. The bugfix is ready for download at github.com.

User

Field

Commit Conf

Approve Conf

IDCommitedUserFieldChangeRemarksModeratedReasonC
1082707501/14/2021VulD...price_0day$0-$5ksee documentation01/14/2021accepted90
1082707401/14/2021VulD...cvss3_meta_tempscore6.3see documentation01/14/2021accepted90
1082707301/14/2021VulD...cvss3_meta_basescore6.3see documentation01/14/2021accepted90
1082707201/14/2021VulD...cvss3_vuldb_tempscore6.301/14/2021accepted90
1082707101/14/2021VulD...cvss3_vuldb_basescore6.301/14/2021accepted90
1082707001/14/2021VulD...cvss2_vuldb_tempscore6.501/14/2021accepted90
1082706901/14/2021VulD...cvss2_vuldb_basescore6.501/14/2021accepted90
1082706801/14/2021VulD...cvss3_vuldb_rcXderived from historical data01/14/2021accepted80
1082706701/14/2021VulD...cvss3_vuldb_rlXderived from historical data01/14/2021accepted80
1082706601/14/2021VulD...cvss3_vuldb_eXderived from historical data01/14/2021accepted80
1082706501/14/2021VulD...cvss3_vuldb_sUderived from historical data01/14/2021accepted80
1082706401/14/2021VulD...cvss3_vuldb_uiNderived from historical data01/14/2021accepted80
1082706301/14/2021VulD...cvss3_vuldb_prLderived from historical data01/14/2021accepted80
1082706201/14/2021VulD...cvss2_vuldb_rcNDderived from historical data01/14/2021accepted80
1082706101/14/2021VulD...cvss2_vuldb_rlNDderived from historical data01/14/2021accepted80
1082706001/14/2021VulD...cvss2_vuldb_eNDderived from historical data01/14/2021accepted80
1082705901/14/2021VulD...cvss2_vuldb_auSderived from historical data01/14/2021accepted80
1082705801/14/2021VulD...cvss2_vuldb_aiPderived from vuldb v3 vector01/14/2021accepted80
1082705701/14/2021VulD...cvss2_vuldb_iiPderived from vuldb v3 vector01/14/2021accepted80
1082705601/14/2021VulD...cvss2_vuldb_ciPderived from vuldb v3 vector01/14/2021accepted80

Want to stay up to date on a daily basis?

Enable the mail alert feature now!