CVE-2021-3139

N/A

In Open-iSCSI tcmu-runner 1.3.x, 1.4.x, and 1.5.x through 1.5.2, xcopy_locate_udev in tcmur_cmd_handler.c lacks a check for transport-layer restrictions, allowing remote attackers to read or write files via directory traversal in an XCOPY request. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. NOTE: relative to CVE-2020-28374, this is a similar mistake in a different algorithm.

N/A

N/A

Open Iscsi Tcmu-runner 路径遍历漏洞

Open Iscsi Tcmu-runner是Open Iscsi个人开发者的一个用于处理Iscsi 中 LIO TCM-User backstore用户空间的守护程序。 Open-iSCSI tcmu-runner 存在路径遍历漏洞，该漏洞源于程序缺少对传输层限制的检查，允许远程攻击者利用该漏洞在xcopy请求中通过目录遍历来读写文件。以下设备或型号存在此漏洞：Open-iSCSI tcmu-runner 1.3.x、Open-iSCSI tcmu-runner 1.4.x、Open-iSCSI tcm

N/A

N/A