Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In Open-iSCSI tcmu-runner 1.3.x, 1.4.x, and 1.5.x through 1.5.2, xcopy_locate_udev in tcmur_cmd_handler.c lacks a check for transport-layer restrictions, allowing remote attackers to read or write files via directory traversal in an XCOPY request. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. NOTE: relative to CVE-2020-28374, this is a similar mistake in a different algorithm.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Open Iscsi Tcmu-runner 路径遍历漏洞
Vulnerability Description
Open Iscsi Tcmu-runner是Open Iscsi个人开发者的一个用于处理Iscsi 中 LIO TCM-User backstore用户空间的守护程序。 Open-iSCSI tcmu-runner 存在路径遍历漏洞,该漏洞源于程序缺少对传输层限制的检查,允许远程攻击者利用该漏洞在xcopy请求中通过目录遍历来读写文件。以下设备或型号存在此漏洞:Open-iSCSI tcmu-runner 1.3.x、Open-iSCSI tcmu-runner 1.4.x、Open-iSCSI tcm
CVSS Information
N/A
Vulnerability Type
N/A