Computer Security


Multiple open-iscsi security vulnerabilities
Published: 20.06.2007
Source:
SecurityVulns ID: 7828
Type: local
Threat Level: 5/10
Description: Incorrect implementation of access control for internal sockets and semaphores.
Affected: OPENISCSI : open-iscsi 2.0
CVE: CVE-2007-3100 (usr/log.c in iscsid in open-iscsi (iscsi-initiator-utils) before 2.0-865 uses a semaphore with insecure permissions (world-writable/world-readable) for managing log messages using shared memory, which allows local users to cause a denial of service (hang) by grabbing the semaphore.)
CVE: CVE-2007-3099 (usr/mgmt_ipc.c in iscsid in open-iscsi (iscsi-initiator-utils) before 2.0-865 checks the client's UID on the listening AF_LOCAL socket instead of the new connection, which allows remote attackers to access the management interface and cause a denial of service (iscsid exit or iSCSI connection loss).)
Original document: DEBIAN, [SECURITY] [DSA 1314-1] New open-iscsi packages fix several vulnerabilities (20.06.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod