Upstream information

CVE-2021-3139 at MITRE

Description

In Open-iSCSI tcmu-runner 1.3.x, 1.4.x, and 1.5.x through 1.5.2, xcopy_locate_udev in tcmur_cmd_handler.c lacks a check for transport-layer restrictions, allowing remote attackers to read or write files via directory traversal in an XCOPY request. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. NOTE: relative to CVE-2020-28374, this is a similar mistake in a different algorithm.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having important severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 5.5
Vector AV:N/AC:L/Au:S/C:P/I:P/A:N
Access Vector Network
Access Complexity Low
Authentication Single
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact None
CVSS v3 Scores
  National Vulnerability Database
Base Score 8.1
Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality Impact High
Integrity Impact High
Availability Impact None
CVSSv3 Version 3.1
SUSE Bugzilla entries: 1178684 [RESOLVED / FIXED], 1180676 [RESOLVED / ]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE CaaS Platform 4.0
  • libtcmu2 >= 1.4.0-3.9.1
  • tcmu-runner >= 1.4.0-3.9.1
Patchnames:
SUSE-SUSE-CAASP-4.0-2021-158
SUSE Enterprise Storage 6
  • libtcmu2 >= 1.4.0-4.3.1
  • tcmu-runner >= 1.4.0-4.3.1
  • tcmu-runner-handler-rbd >= 1.4.0-4.3.1
Patchnames:
SUSE-Storage-6-2021-143
SUSE-Storage-6-2021-158
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS
  • libtcmu2 >= 1.4.0-3.9.1
  • tcmu-runner >= 1.4.0-3.9.1
Patchnames:
SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-158
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
  • libtcmu2 >= 1.4.0-3.9.1
  • tcmu-runner >= 1.4.0-3.9.1
Patchnames:
SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-158
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
  • libtcmu2 >= 1.4.0-3.9.1
  • tcmu-runner >= 1.4.0-3.9.1
Patchnames:
SUSE-SLE-Product-HPC-15-2021-158
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2
  • tcmu-runner-handler-rbd >= 1.5.2-3.3.1
Patchnames:
SUSE-SLE-Module-Development-Tools-OBS-15-SP2-2021-93
SUSE Linux Enterprise Module for Server Applications 15 SP2
  • libtcmu2 >= 1.5.2-3.3.1
  • tcmu-runner >= 1.5.2-3.3.1
Patchnames:
SUSE-SLE-Module-Server-Applications-15-SP2-2021-93
SUSE Linux Enterprise Server 15 SP1-BCL
  • libtcmu2 >= 1.4.0-3.9.1
  • tcmu-runner >= 1.4.0-3.9.1
Patchnames:
SUSE-SLE-Product-SLES-15-SP1-BCL-2021-158
SUSE Linux Enterprise Server 15 SP1-LTSS
  • libtcmu2 >= 1.4.0-3.9.1
  • tcmu-runner >= 1.4.0-3.9.1
Patchnames:
SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-158
SUSE Linux Enterprise Server 15-LTSS
  • libtcmu2 >= 1.4.0-3.9.1
  • tcmu-runner >= 1.4.0-3.9.1
Patchnames:
SUSE-SLE-Product-SLES-15-2021-158
SUSE Linux Enterprise Server for SAP Applications 15 SP1
  • libtcmu2 >= 1.4.0-3.9.1
  • tcmu-runner >= 1.4.0-3.9.1
Patchnames:
SUSE-SLE-Product-SLES_SAP-15-SP1-2021-158
SUSE Linux Enterprise Server for SAP Applications 15
  • libtcmu2 >= 1.4.0-3.9.1
  • tcmu-runner >= 1.4.0-3.9.1
Patchnames:
SUSE-SLE-Product-SLES_SAP-15-2021-158
SUSE Manager Proxy 4.0
  • libtcmu2 >= 1.4.0-3.9.1
  • tcmu-runner >= 1.4.0-3.9.1
Patchnames:
SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-158
SUSE Manager Retail Branch Server 4.0
  • libtcmu2 >= 1.4.0-3.9.1
  • tcmu-runner >= 1.4.0-3.9.1
Patchnames:
SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-158
SUSE Manager Server 4.0
  • libtcmu2 >= 1.4.0-3.9.1
  • tcmu-runner >= 1.4.0-3.9.1
Patchnames:
SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-158
openSUSE Leap 15.1
  • libtcmu2 >= 1.4.0-lp151.3.9.1
  • libtcmu2-debuginfo >= 1.4.0-lp151.3.9.1
  • tcmu-runner >= 1.4.0-lp151.3.9.1
  • tcmu-runner-debuginfo >= 1.4.0-lp151.3.9.1
  • tcmu-runner-debugsource >= 1.4.0-lp151.3.9.1
  • tcmu-runner-handler-rbd >= 1.4.0-lp151.3.9.1
  • tcmu-runner-handler-rbd-debuginfo >= 1.4.0-lp151.3.9.1
Patchnames:
openSUSE-2021-128
openSUSE Leap 15.2
  • libtcmu2 >= 1.5.2-lp152.2.3.1
  • libtcmu2-debuginfo >= 1.5.2-lp152.2.3.1
  • tcmu-runner >= 1.5.2-lp152.2.3.1
  • tcmu-runner-debuginfo >= 1.5.2-lp152.2.3.1
  • tcmu-runner-debugsource >= 1.5.2-lp152.2.3.1
  • tcmu-runner-handler-rbd >= 1.5.2-lp152.2.3.1
  • tcmu-runner-handler-rbd-debuginfo >= 1.5.2-lp152.2.3.1
Patchnames:
openSUSE-2021-97
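To confirm that a host actually carries one of the fixed builds listed above, compare the installed package EVR (epoch:version-release) against the advisory's version using rpm's ordering rules rather than a plain string comparison, which would get cases like 3.10 versus 3.9 wrong. The following is an added example, not SUSE tooling: it re-implements rpm's rpmvercmp() ordering in Python so the logic can be read and run anywhere; the fixed versions are copied from the list above for two of the products, and the sample rpm output is constructed for the example, not captured from a real host. On a real host the input would come from `rpm -q --qf '%{NAME} %{EPOCH}:%{VERSION}-%{RELEASE}\n' libtcmu2 tcmu-runner`.

```python
r"""Check installed tcmu-runner package versions against the advisory's fixed
builds. Added example, not SUSE tooling. Input format is the output of
  rpm -q --qf '%{NAME} %{EPOCH}:%{VERSION}-%{RELEASE}\n' libtcmu2 tcmu-runner
where an unset epoch prints as '(none)'."""
import re

# Fixed versions copied from the package list on this page (two products shown).
FIXED_VERSIONS = {
    "SUSE Linux Enterprise Server 15 SP1-LTSS": {
        "libtcmu2": "1.4.0-3.9.1",
        "tcmu-runner": "1.4.0-3.9.1",
    },
    "openSUSE Leap 15.2": {
        "libtcmu2": "1.5.2-lp152.2.3.1",
        "tcmu-runner": "1.5.2-lp152.2.3.1",
        "tcmu-runner-handler-rbd": "1.5.2-lp152.2.3.1",
    },
}

# Constructed sample of rpm output (not from a real host): one package already
# patched, one still one release behind the fixed build.
SAMPLE_RPM_OUTPUT = """\
libtcmu2 (none):1.4.0-3.9.1
tcmu-runner (none):1.4.0-3.8.1
"""

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+|[~^]")


def rpmvercmp(a, b):
    """Order two version (or release) strings like rpm's rpmvercmp(): -1, 0, 1.
    Separators are ignored; digit runs compare numerically; letter runs
    compare as strings; a numeric segment is newer than an alphabetic one;
    '~' sorts before everything, even end of string (1.0~rc1 < 1.0); '^'
    sorts after end of string but before any other segment (1.0 < 1.0^post1)."""
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for i in range(max(len(sa), len(sb))):
        x = sa[i] if i < len(sa) else None
        y = sb[i] if i < len(sb) else None
        if x == "~" or y == "~":
            if x != "~":
                return 1
            if y != "~":
                return -1
            continue
        if x == "^" or y == "^":
            if x is None:
                return -1
            if y is None:
                return 1
            if x != "^":
                return 1
            if y != "^":
                return -1
            continue
        if x is None:
            return -1
        if y is None:
            return 1
        x_num, y_num = x.isdigit(), y.isdigit()
        if x_num != y_num:
            return 1 if x_num else -1
        if x_num:
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return 0


def parse_evr(evr):
    """Split '[epoch:]version-release' into (epoch, version, release)."""
    epoch = 0
    if ":" in evr:
        head, evr = evr.split(":", 1)
        epoch = 0 if head in ("", "(none)") else int(head)
    version, _, release = evr.partition("-")
    return epoch, version, release


def evr_cmp(a, b):
    """Compare two EVR strings: epoch first, then version, then release."""
    ea, va, ra = parse_evr(a)
    eb, vb, rb = parse_evr(b)
    if ea != eb:
        return 1 if ea > eb else -1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


def is_fixed(installed_evr, fixed_evr):
    """True when the installed EVR is at or above the advisory's fixed EVR."""
    return evr_cmp(installed_evr, fixed_evr) >= 0


def audit(rpm_output, fixed_for_product):
    """Map package name -> fixed? for every advisory package in the rpm output."""
    results = {}
    for line in rpm_output.splitlines():
        if not line.strip():
            continue
        name, evr = line.split()
        if name in fixed_for_product:
            results[name] = is_fixed(evr, fixed_for_product[name])
    return results


if __name__ == "__main__":
    product = "SUSE Linux Enterprise Server 15 SP1-LTSS"
    for pkg, ok in audit(SAMPLE_RPM_OUTPUT, FIXED_VERSIONS[product]).items():
        print(f"{pkg}: {'fixed' if ok else 'VULNERABLE'}")
```

The package version only tells you what is on disk: after installing the update, the running tcmu-runner daemon still needs to be restarted before the fix is in effect, and the product must be matched correctly, since the Leap and SLE releases of the same upstream version carry different release strings.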