targetcli-2.1.51-4.el8

Errata ID: AXSA:2020-296:01

Release date: 
Tuesday, September 8, 2020 - 03:49
Subject: 
targetcli-2.1.51-4.el8
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

The targetcli package contains an administration shell for configuring Internet Small Computer System Interface (iSCSI), Fibre Channel over Ethernet (FCoE), and other SCSI targets, using the Target Core Mod/Linux-IO (TCM/LIO) kernel target subsystem. FCoE users also need to install and use the fcoe-utils package.

Security Fix(es):

* targetcli: world writable /var/run/targetclid.sock allows unprivileged user to execute commands (CVE-2020-10699)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2020-10699
A flaw was found in Linux, in targetcli-fb versions 2.1.50 and 2.1.51 where the socket used by targetclid was world-writable. If a system enables the targetclid socket, a local attacker can use this flaw to modify the iSCSI configuration and escalate their privileges to root.
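
The following audit check is an added example, not part of the original advisory or the targetcli project: it reports whether a socket path grants write permission to "other", which is the condition CVE-2020-10699 describes for /var/run/targetclid.sock. The function names and return codes are assumptions of this example, and it relies on GNU `stat -c` as shipped on Linux.

```shell
#!/bin/sh
# Added example: audit a UNIX socket for world-writable permissions.
# Usage: sh check_sock.sh /var/run/targetclid.sock

# Return 0 if an octal mode string (e.g. 666, 1777) has the
# write bit set for "other", 1 otherwise.
mode_world_writable() {
    last=${1#"${1%?}"}          # last octal digit = permissions for "other"
    case $last in
        2|3|6|7) return 0 ;;    # write bit (value 2) is set
        *)       return 1 ;;
    esac
}

# Return codes (hypothetical, chosen for this example):
#   0 = socket present and not world-writable
#   1 = socket present and world-writable (matches the CVE condition)
#   2 = path absent (targetclid socket not enabled)
#   3 = path exists but is not a socket
#   4 = stat failed
audit_socket() {
    sock=$1
    [ -e "$sock" ] || { echo "absent: $sock"; return 2; }
    [ -S "$sock" ] || { echo "not a socket: $sock"; return 3; }
    mode=$(stat -c '%a' "$sock") || return 4
    owner=$(stat -c '%U:%G' "$sock") || return 4
    if mode_world_writable "$mode"; then
        echo "WORLD-WRITABLE: $sock mode=$mode owner=$owner"
        return 1
    fi
    echo "ok: $sock mode=$mode owner=$owner"
    return 0
}

# Run the audit only when a path is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_socket "$1"
fi
```

A return code of 2 means the socket does not exist, which is consistent with the advisory's statement that only systems enabling the targetclid socket are exposed.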

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. targetcli-2.1.51-4.el8.src.rpm
    MD5: dd31b81ed1bb5359e9517254ecf96f58
    SHA-256: 548a47dedd3edae928270df101258e644a1cfb94654ca814f21417ce09fd3878
    Size: 56.44 kB

Asianux Server 8 for x86_64
  1. targetcli-2.1.51-4.el8.noarch.rpm
    MD5: ebfd4ca28b83ffe70f9819732263aa67
    SHA-256: 52fa1e0b8a4719a2a34e144d5b12bd3e5596febd66097c6efd5553c85af7f2fd
    Size: 77.87 kB