Launchpad CVE tracker

CVE 2009-1297

iscsi_discovery in open-iscsi in SUSE openSUSE 10.3 through 11.1 and SUSE Linux Enterprise (SLE) 10 SP2 and 11, and other operating systems, allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file that has a predictable name.

Related bugs and status

CVE-2009-1297 (Candidate) is related to these bugs:

Bug #408915: Temporary file vulnerability in iscsi_discovery

		In	Importance	Status
408915	Temporary file vulnerability in iscsi_discovery	open-iscsi (Ubuntu)	Low	Fix Released
408915	Temporary file vulnerability in iscsi_discovery	open-iscsi (Ubuntu Hardy)	Low	Fix Released
408915	Temporary file vulnerability in iscsi_discovery	open-iscsi (Ubuntu Intrepid)	Low	Invalid
408915	Temporary file vulnerability in iscsi_discovery	open-iscsi (Ubuntu Karmic)	Low	Fix Released
408915	Temporary file vulnerability in iscsi_discovery	open-iscsi (Ubuntu Jaunty)	Low	Won't Fix

Bug #677333: open-iscsi: reconnecting to targets fails with kernel >2.6.32 due to sysfs changes (open-iscsi pkg version out of date with kernel)

Summary				In	Importance	Status
	677333	open-iscsi: reconnecting to targets fails with kernel >2.6.32 due to sysfs changes (open-iscsi pkg version out of date with kernel)		open-iscsi (Ubuntu)	Undecided	Fix Released
	677333	open-iscsi: reconnecting to targets fails with kernel >2.6.32 due to sysfs changes (open-iscsi pkg version out of date with kernel)		open-iscsi (Debian)	Unknown	Fix Released

Bug #961114: iscsid fails to reopen a connection established by iscsistart

Summary				In	Importance	Status
	961114	iscsid fails to reopen a connection established by iscsistart		open-iscsi (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2009-1297

References