CVE-2021-3139 - OpenCVE

In Open-iSCSI tcmu-runner 1.3.x, 1.4.x, and 1.5.x through 1.5.2, xcopy_locate_udev in tcmur_cmd_handler.c lacks a check for transport-layer restrictions, allowing remote attackers to read or write files via directory traversal in an XCOPY request. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. NOTE: relative to CVE-2020-28374, this is a similar mistake in a different algorithm.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Tcmu-runner Project	Tcmu-runner

Configuration 1 [-]

cpe:2.3:a:tcmu-runner_project:tcmu-runner:*:*:*:*:*:*:*:*

References

Link	Resource
http://www.openwall.com/lists/oss-security/2021/01/13/5	Mailing List Mitigation Third Party Advisory
https://bugzilla.suse.com/attachment.cgi?id=844938	Issue Tracking Third Party Advisory
https://bugzilla.suse.com/show_bug.cgi?id=1178372	Issue Tracking Third Party Advisory
https://github.com/open-iscsi/tcmu-runner/pull/644	Patch Third Party Advisory
https://www.openwall.com/lists/oss-security/2021/01/12/12	Mailing List Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2021-01-13T15:33:45

Updated: 2021-01-14T03:32:16

Reserved: 2021-01-13T00:00:00

Link: CVE-2021-3139

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-01-13T16:15:14.617

Modified: 2021-01-22T18:25:15.970

Link: CVE-2021-3139

JSON object: View

Redhat Information

No data.

CWE

CWE-22

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "In Open-iSCSI tcmu-runner 1.3.x, 1.4.x, and 1.5.x through 1.5.2, xcopy_locate_udev in tcmur_cmd_handler.c lacks a check for transport-layer restrictions, allowing remote attackers to read or write files via directory traversal in an XCOPY request. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. NOTE: relative to CVE-2020-28374, this is a similar mistake in a different algorithm."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-01-14T03:32:16", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1178372"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.suse.com/attachment.cgi?id=844938"}, {"tags": ["x_refsource_MISC"], "url": "https://www.openwall.com/lists/oss-security/2021/01/12/12"}, {"name": "[oss-security] 20210113 Re: CVE-2020-28374: Linux SCSI target (LIO) unrestricted copy offload", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2021/01/13/5"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/open-iscsi/tcmu-runner/pull/644"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-3139", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Open-iSCSI tcmu-runner 1.3.x, 1.4.x, and 1.5.x through 1.5.2, xcopy_locate_udev in tcmur_cmd_handler.c lacks a check for transport-layer restrictions, allowing remote attackers to read or write files via directory traversal in an XCOPY request. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. NOTE: relative to CVE-2020-28374, this is a similar mistake in a different algorithm."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.suse.com/show_bug.cgi?id=1178372", "refsource": "MISC", "url": "https://bugzilla.suse.com/show_bug.cgi?id=1178372"}, {"name": "https://bugzilla.suse.com/attachment.cgi?id=844938", "refsource": "MISC", "url": "https://bugzilla.suse.com/attachment.cgi?id=844938"}, {"name": "https://www.openwall.com/lists/oss-security/2021/01/12/12", "refsource": "MISC", "url": "https://www.openwall.com/lists/oss-security/2021/01/12/12"}, {"name": "[oss-security] 20210113 Re: CVE-2020-28374: Linux SCSI target (LIO) unrestricted copy offload", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/01/13/5"}, {"name": "https://github.com/open-iscsi/tcmu-runner/pull/644", "refsource": "CONFIRM", "url": "https://github.com/open-iscsi/tcmu-runner/pull/644"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-3139", "datePublished": "2021-01-13T15:33:45", "dateReserved": "2021-01-13T00:00:00", "dateUpdated": "2021-01-14T03:32:16", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tcmu-runner_project:tcmu-runner:*:*:*:*:*:*:*:*", "matchCriteriaId": "8926E8CD-ABE4-4BAA-9AD6-C92CCEE815E8", "versionEndIncluding": "1.5.2", "versionStartIncluding": "1.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In Open-iSCSI tcmu-runner 1.3.x, 1.4.x, and 1.5.x through 1.5.2, xcopy_locate_udev in tcmur_cmd_handler.c lacks a check for transport-layer restrictions, allowing remote attackers to read or write files via directory traversal in an XCOPY request. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. NOTE: relative to CVE-2020-28374, this is a similar mistake in a different algorithm."}, {"lang": "es", "value": "En Open-iSCSI tcmu-runner versiones 1.3.x, 1.4.x y versiones 1.5.x hasta 1.5.2, en la funci\u00f3n xcopy_locate_udev en el archivo tcmur_cmd_handler.c carece de una comprobaci\u00f3n de restricciones de la capa de transporte, permitiendo a atacantes remotos leer o escribir archivos por medio de un salto de directorio en una petici\u00f3n XCOPY. Por ejemplo, un ataque puede ocurrir en una red si el atacante presenta acceso a un iSCSI LUN. NOTA: en relaci\u00f3n con CVE-2020-28374, este es un error similar en un algoritmo diferente."}], "id": "CVE-2021-3139", "lastModified": "2021-01-22T18:25:15.970", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-01-13T16:15:14.617", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Mitigation", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2021/01/13/5"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.suse.com/attachment.cgi?id=844938"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1178372"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/open-iscsi/tcmu-runner/pull/644"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://www.openwall.com/lists/oss-security/2021/01/12/12"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}