Open ISCSI Multiple Local Denial Of Service Vulnerabilities
TITLE: Open ISCSI Multiple Local Denial Of Service Vulnerabilities
CLASS: Access Validation Error
CVE: CVE-2007-3099
CVE-2007-3100
REMOTE: No
LOCAL: Yes
PUBLISHED: Jun 14 2007 12:00AM
UPDATE: Jun 14 2007 12:00AM
CREDIT: Olaf Kirch from Oracle is credited with the discovery of these issues.
VULNERABLE:
RedHat Enterprise Linux Desktop v.5 clientNOT VULNERABLE:
RedHat Enterprise Linux v. 5 server
Open-iSCSI Open-iSCSI 0
Vai alla pagina originale su Security Focus
Discussion
Open-iSCSI is prone to multiple local denial-of-service vulnerabilities.
A local attacker can exploit these issues to deny legitimate user access to the server daemon.
Exploit
To exploit these issues an attacker must have local interactive access to a computer running the affected application.
Solution
Solution:
Please see the references section for further information.
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com
References
References:
- Vendor Homepage (Open-iSCSI)
- RHSA-2007:0497-2 iscsi-initiator-utils security update (Red hat)