Upstream information

CVE-2021-3139 at MITRE

Description

In Open-iSCSI tcmu-runner 1.3.x, 1.4.x, and 1.5.x through 1.5.2, xcopy_locate_udev in tcmur_cmd_handler.c lacks a check for transport-layer restrictions, allowing remote attackers to read or write files via directory traversal in an XCOPY request. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. NOTE: relative to CVE-2020-28374, this is a similar mistake in a different algorithm.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having important severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 5.5
Vector AV:N/AC:L/Au:S/C:P/I:P/A:N
Access Vector Network
Access Complexity Low
Authentication Single
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact None
CVSS v3 Scores
  National Vulnerability Database
Base Score 8.1
Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Access Vector Network
Access Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality Impact High
Integrity Impact High
Availability Impact None
CVSSv3 Version 3.1
SUSE Bugzilla entries: 1178684 [RESOLVED / FIXED], 1180676 [RESOLVED / ]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
Container ses/7.1/cephcsi/cephcsi:v3.5.1.0
Container ses/7.1/rook/ceph:1.8.6.0.3.2.5
Container ses/7/cephcsi/cephcsi:3.2.0.0.3.248
Container ses/7/rook/ceph:1.5.7.4.1.1512
  • libtcmu2 >= 1.5.2-3.3.1
  • tcmu-runner >= 1.5.2-3.3.1
  • tcmu-runner-handler-rbd >= 1.5.2-3.3.1
SUSE CaaS Platform 4.0
  • libtcmu2 >= 1.4.0-3.9.1
  • tcmu-runner >= 1.4.0-3.9.1
Patchnames:
SUSE-SUSE-CAASP-4.0-2021-158
SUSE Enterprise Storage 6
  • libtcmu2 >= 1.4.0-4.3.1
  • tcmu-runner >= 1.4.0-4.3.1
  • tcmu-runner-handler-rbd >= 1.4.0-4.3.1
Patchnames:
SUSE-Storage-6-2021-143
SUSE-Storage-6-2021-158
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS
  • libtcmu2 >= 1.4.0-3.9.1
  • tcmu-runner >= 1.4.0-3.9.1
Patchnames:
SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-158
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
  • libtcmu2 >= 1.4.0-3.9.1
  • tcmu-runner >= 1.4.0-3.9.1
Patchnames:
SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-158
SUSE Linux Enterprise High Performance Computing 15 SP2
SUSE Linux Enterprise Module for Server Applications 15 SP2
SUSE Linux Enterprise Server 15 SP2
SUSE Linux Enterprise Server for SAP Applications 15 SP2
SUSE Linux Enterprise Storage 7
SUSE Manager Proxy 4.1
SUSE Manager Retail Branch Server 4.1
SUSE Manager Server 4.1
  • libtcmu2 >= 1.5.2-3.3.1
  • tcmu-runner >= 1.5.2-3.3.1
Patchnames:
SUSE-SLE-Module-Server-Applications-15-SP2-2021-93
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
  • libtcmu2 >= 1.4.0-3.9.1
  • tcmu-runner >= 1.4.0-3.9.1
Patchnames:
SUSE-SLE-Product-HPC-15-2021-158
SUSE Linux Enterprise Server 15 SP1-BCL
  • libtcmu2 >= 1.4.0-3.9.1
  • tcmu-runner >= 1.4.0-3.9.1
Patchnames:
SUSE-SLE-Product-SLES-15-SP1-BCL-2021-158
SUSE Linux Enterprise Server 15 SP1-LTSS
  • libtcmu2 >= 1.4.0-3.9.1
  • tcmu-runner >= 1.4.0-3.9.1
Patchnames:
SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-158
SUSE Linux Enterprise Server 15-LTSS
  • libtcmu2 >= 1.4.0-3.9.1
  • tcmu-runner >= 1.4.0-3.9.1
Patchnames:
SUSE-SLE-Product-SLES-15-2021-158
SUSE Linux Enterprise Server for SAP Applications 15 SP1
  • libtcmu2 >= 1.4.0-3.9.1
  • tcmu-runner >= 1.4.0-3.9.1
Patchnames:
SUSE-SLE-Product-SLES_SAP-15-SP1-2021-158
SUSE Linux Enterprise Server for SAP Applications 15
  • libtcmu2 >= 1.4.0-3.9.1
  • tcmu-runner >= 1.4.0-3.9.1
Patchnames:
SUSE-SLE-Product-SLES_SAP-15-2021-158
SUSE Manager Proxy 4.0
  • libtcmu2 >= 1.4.0-3.9.1
  • tcmu-runner >= 1.4.0-3.9.1
Patchnames:
SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-158
SUSE Manager Retail Branch Server 4.0
  • libtcmu2 >= 1.4.0-3.9.1
  • tcmu-runner >= 1.4.0-3.9.1
Patchnames:
SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-158
SUSE Manager Server 4.0
  • libtcmu2 >= 1.4.0-3.9.1
  • tcmu-runner >= 1.4.0-3.9.1
Patchnames:
SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-158
openSUSE Leap 15.1
  • libtcmu2 >= 1.4.0-lp151.3.9.1
  • tcmu-runner >= 1.4.0-lp151.3.9.1
  • tcmu-runner-handler-rbd >= 1.4.0-lp151.3.9.1
Patchnames:
openSUSE-2021-128
openSUSE Leap 15.2
  • libtcmu2 >= 1.5.2-lp152.2.3.1
  • tcmu-runner >= 1.5.2-lp152.2.3.1
  • tcmu-runner-handler-rbd >= 1.5.2-lp152.2.3.1
Patchnames:
openSUSE-2021-97