2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
0.003 Low
EPSS
Percentile
71.1%
CentOS Errata and Security Advisory CESA-2007:0497
The iscsi package provides the server daemon for the iSCSI protocol, as
well as the utility programs used to manage it. iSCSI is a protocol for
distributed disk access using SCSI commands sent over Internet Protocol
networks.
Olaf Kirch discovered two flaws in open-iscsi. A local attacker could use
these flaws to cause the server daemon to stop responding, leading to a
denial of service. (CVE-2007-3099, CVE-2007-3100).
All users of open-iscsi should upgrade to this updated package which
resolves these issues.
Note: This issue did not affect Red Hat Enterprise Linux 2.1, 3, or 4.
open-iscsi is available in Red Hat Enterprise Linux 5 as a Technology
Preview.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2007-June/076099.html
https://lists.centos.org/pipermail/centos-announce/2007-June/076100.html
Affected packages:
iscsi-initiator-utils
Upstream details at:
https://access.redhat.com/errata/RHSA-2007:0497
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 5 | i386 | iscsi-initiator-utils | < 6.2.0.742-0.6.el5 | iscsi-initiator-utils-6.2.0.742-0.6.el5.i386.rpm |
CentOS | 5 | x86_64 | iscsi-initiator-utils | < 6.2.0.742-0.6.el5 | iscsi-initiator-utils-6.2.0.742-0.6.el5.x86_64.rpm |