SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Open-iSCSI Vendors:   open-iscsi.org
Open-iSCSI Lets Local Users Deny Service
SecurityTracker Alert ID:  1018246
SecurityTracker URL:  http://securitytracker.com/id/1018246
CVE Reference:   CVE-2007-3099, CVE-2007-3100   (Links to External Site)
Date:  Jun 14 2007
Impact:   Denial of service via local system


Description:   Two vulnerabilities were reported in Open-iSCSI. A local user can cause the iSCSI server daemon to stop responding.

The iscsid does not properly validate user identities on the management interface [CVE-2007-3099]. A local user can connect to the interface and perform management operations on the iSCSI initiator, including tearing down individual connections or shut down the daemon.

A local user can set up a semaphore used by the logging mechanism to cause the daemon to hang when attempting to write to the log [CVE-2007-3100].

Olaf Kirch discovered these vulnerabilities.

Impact:   A local user can the target server daemon to stop responding.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.open-iscsi.org/ (Links to External Site)
Cause:   Access control error, Authentication error
Underlying OS:  Linux (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Jun 14 2007 (Red Hat Issues Fix) Open-iSCSI Lets Local Users Deny Service
Red Hat has released a fix for Red Hat Enterprise Linux 5.



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC