Intrusion Prevention

iSCSI.target.Multiple.Implementations.Format.String

Description

This indicates an attack attempt against a Format String vulnerability in iSCSI Target.
The vulnerability is caused by an error when the vulnerable software handles a malformed message. It allows a remote attacker to execute arbitrary code via sending crafted messages.

Affected Products

iSCSI Enterprise Target (aka iscsitarget) 0.4.16

Impact

System compromise.

Recommended Actions

Apply the latest update from the vendor:
http://www.debian.org/security/2010/dsa-2042

CVE References

CVE-2010-0743