In Open-iSCSI tcmu-runner 1.3.x, 1.4.x, and 1.5.x through 1.5.2, xcopy_locate_udev in tcmur_cmd_handler.c lacks a check for transport-layer restrictions, allowing remote attackers to read or write files via directory traversal in an XCOPY request. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. NOTE: relative to CVE-2020-28374, this is a similar mistake in a different algorithm.

CPENameOperatorVersion
tcmu-runnereq1.3.0
tcmu-runnereq1.5.2
tcmu-runnereq1.5.0
tcmu-runnereq1.4.0-rc1
tcmu-runnereq1.4.0
tcmu-runnereq1.5.1

Name	Operator	Version
tcmu-runner	eq	1.3.0
tcmu-runner	eq	1.5.2
tcmu-runner	eq	1.5.0
tcmu-runner	eq	1.4.0-rc1
tcmu-runner	eq	1.4.0
tcmu-runner	eq	1.5.1

References

www.openwall.com/lists/oss-security/2021/01/13/5

bugzilla.suse.com/attachment.cgi?id=844938

bugzilla.suse.com/show_bug.cgi?id=1178372

github.com/open-iscsi/tcmu-runner/pull/644

www.openwall.com/lists/oss-security/2021/01/12/12

nessus 70

prion 2

ubuntucve 2

cvelist 2

debiancve 2

nvd 2

cve 2

photon 5

openvas 32

veracode 2

redhatcve 2

ubuntu 9

osv 10

archlinux 4

cloudfoundry 1

cbl_mariner 1

fedora 5

mageia 2

f5 1

suse 2

redhat 17

ibm 2

oraclelinux 15

amazon 3

almalinux 1

centos 1

debian 2

nessus

Ubuntu 20.04 LTS : TCMU vulnerability (USN-4707-1)

2021-01-28 00:00:00

Fedora 32 : kernel / kernel-headers (2021-082e638d02)

2021-01-20 00:00:00

Fedora 33 : kernel / kernel-headers (2021-620fb40359)

2021-01-20 00:00:00

prion

Directory traversal

2021-01-13 16:15:00

Directory traversal

2021-01-13 04:15:00

ubuntucve

CVE-2021-3139

2021-01-13 00:00:00

CVE-2020-28374

2021-01-12 00:00:00

cvelist

CVE-2021-3139

2021-01-13 15:33:45

CVE-2020-28374

2021-01-13 03:07:45

debiancve

CVE-2021-3139

2021-01-13 16:15:14

CVE-2020-28374

2021-01-13 04:15:12

nvd

CVE-2021-3139

2021-01-13 16:15:14

CVE-2020-28374

2021-01-13 04:15:12

cve

CVE-2021-3139

2021-01-13 16:15:14

CVE-2020-28374

2021-01-13 04:15:12

photon

Important Photon OS Security Update - PHSA-2021-0185

2021-01-22 00:00:00

Important Photon OS Security Update - PHSA-2021-3.0-0185

2021-01-21 00:00:00

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-2.0-0314

2021-01-26 00:00:00

openvas

Fedora: Security Advisory for kernel-headers (FEDORA-2021-620fb40359)

2021-01-16 00:00:00

Ubuntu: Security Advisory (USN-4713-1)

2021-01-29 00:00:00

Fedora: Security Advisory for kernel (FEDORA-2021-082e638d02)

2021-01-16 00:00:00

veracode

Directory Traversal

2021-03-17 04:37:19

Directory Traversal

2021-05-07 11:56:01

redhatcve

CVE-2020-28374

2021-01-13 12:46:45

CVE-2021-3139

2021-01-14 02:22:17

ubuntu

Linux kernel vulnerability

2021-02-10 00:00:00

Linux kernel vulnerability

2021-02-02 00:00:00

Linux kernel (OEM) vulnerability

2021-02-25 00:00:00

osv

linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke-5.4, linux-gkeop-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4 vulnerability

2021-02-02 06:17:58

linux, linux-hwe, linux-hwe-5.4, linux-hwe-5.8, linux-lts-xenial vulnerability

2021-01-14 23:48:32

linux-oem-5.10 vulnerabilities

2021-02-25 07:01:03

archlinux

[ASA-202101-33] linux: directory traversal

2021-01-20 00:00:00

[ASA-202101-30] linux-lts: directory traversal

2021-01-20 00:00:00

[ASA-202101-31] linux-zen: directory traversal

2021-01-20 00:00:00

cloudfoundry

USN-4694-1: Linux kernel vulnerability | Cloud Foundry

2021-02-10 00:00:00

cbl_mariner

CVE-2020-28374 affecting package kernel 5.4.91-6

2021-01-29 07:40:05

fedora

[SECURITY] Fedora 33 Update: kernel-5.10.7-200.fc33

2021-01-16 01:35:11

[SECURITY] Fedora 33 Update: kernel-headers-5.10.7-200.fc33

2021-01-16 01:35:11

[SECURITY] Fedora 33 Update: tcmu-runner-1.5.2-7.fc33

2021-02-03 01:55:35

mageia

Updated kernel packages fix security vulnerability

2021-01-21 01:45:57

Updated kernel-linus packages fix security vulnerabilities

2021-01-29 22:05:33

K15747621 : Linux kernel vulnerability CVE-2020-28374

2021-11-05 00:00:00

suse

Security update for tcmu-runner (important)

2021-01-20 00:00:00

Security update for tcmu-runner (important)

2021-01-17 00:00:00

redhat

(RHSA-2021:2167) Important: kpatch-patch security update

2021-06-01 08:53:09

(RHSA-2021:0862) Important: kpatch-patch security update

2021-03-16 10:27:20

(RHSA-2021:1452) Important: Red Hat Ceph Storage security, bug fix, and enhancement Update

2021-04-28 18:38:27

ibm

Security Bulletin: IBM Security Guardium is affected by a kernel vulnerability (CVE-2020-25705, CVE-2020-28374)

2021-11-04 15:59:03

Security Bulletin: Vulnerabilities in the Linux Kernel, Samba, Sudo, Python, and tcmu-runner affect IBM Spectrum Protect Plus

2022-05-06 02:35:57

oraclelinux

Unbreakable Enterprise kernel-container security update

2021-02-01 00:00:00

Unbreakable Enterprise kernel security update

2021-01-30 00:00:00

Unbreakable Enterprise kernel security update

2021-02-08 00:00:00

amazon

Important: kernel

2021-02-17 18:07:00

Important: kernel

2021-02-17 18:07:00

Important: kernel

2021-02-16 00:13:00

almalinux

Important: kernel security, bug fix, and enhancement update

2021-04-06 13:33:17

centos

bpftool, kernel, perf, python security update

2021-03-18 23:24:41

debian

[SECURITY] [DSA 4843-1] linux security update

2021-02-01 14:39:40

[SECURITY] [DLA 2557-1] linux-4.19 security update

2021-02-12 19:25:34

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

7.1 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.9%

JSON

Related for OSV:CVE-2021-3139