Search...

open-iscsi (iscsi-initiator-utils) iscsid usr/mgmt_ipc.c Mangement Interface Remote DoS

2007-06-11T11:03:50

ID OSVDB:37269
Type osvdb
Reporter OSVDB
Modified 2007-06-11T11:03:50

Description

No description provided by the source

References:

Vendor Specific News/Changelog Entry: http://support.novell.com/techcenter/psdb/187174044e1dbe78726bcf840f7530ed.html Vendor Specific News/Changelog Entry: http://svn.berlios.de/viewcvs/open-iscsi?rev=857&view=rev Vendor Specific News/Changelog Entry: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=243719 Security Tracker: 1018246 Secunia Advisory ID:25749 Secunia Advisory ID:25679 Secunia Advisory ID:26438 Secunia Advisory ID:26543 Related OSVDB ID: 37270 RedHat RHSA: RHSA-2007:0497 Other Advisory URL: http://www.debian.org/security/2007/dsa-1314 Other Advisory URL: http://support.novell.com/techcenter/psdb/187174044e1dbe78726bcf840f7530ed.html Other Advisory URL: http://www.novell.com/linux/security/advisories/2007_17_sr.html Other Advisory URL: http://www.us.debian.org/security/2007/dsa-1314 CVE-2007-3099 Bugtraq ID: 24471

JSON Vulners Source

Initial Source

{"href": "https://vulners.com/osvdb/OSVDB:37269", "id": "OSVDB:37269", "reporter": "OSVDB", "published": "2007-06-11T11:03:50", "description": "# No description provided by the source\n\n## References:\nVendor Specific News/Changelog Entry: http://support.novell.com/techcenter/psdb/187174044e1dbe78726bcf840f7530ed.html\nVendor Specific News/Changelog Entry: http://svn.berlios.de/viewcvs/open-iscsi?rev=857&view=rev\nVendor Specific News/Changelog Entry: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=243719\nSecurity Tracker: 1018246\n[Secunia Advisory ID:25749](https://secuniaresearch.flexerasoftware.com/advisories/25749/)\n[Secunia Advisory ID:25679](https://secuniaresearch.flexerasoftware.com/advisories/25679/)\n[Secunia Advisory ID:26438](https://secuniaresearch.flexerasoftware.com/advisories/26438/)\n[Secunia Advisory ID:26543](https://secuniaresearch.flexerasoftware.com/advisories/26543/)\n[Related OSVDB ID: 37270](https://vulners.com/osvdb/OSVDB:37270)\nRedHat RHSA: RHSA-2007:0497\nOther Advisory URL: http://www.debian.org/security/2007/dsa-1314\nOther Advisory URL: http://support.novell.com/techcenter/psdb/187174044e1dbe78726bcf840f7530ed.html\nOther Advisory URL: http://www.novell.com/linux/security/advisories/2007_17_sr.html\nOther Advisory URL: http://www.us.debian.org/security/2007/dsa-1314\n[CVE-2007-3099](https://vulners.com/cve/CVE-2007-3099)\nBugtraq ID: 24471\n", "title": "open-iscsi (iscsi-initiator-utils) iscsid usr/mgmt_ipc.c Mangement Interface Remote DoS", "lastseen": "2017-04-28T13:20:33", "bulletinFamily": "software", "type": "osvdb", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "references": [], "edition": 1, "cvelist": ["CVE-2007-3099"], "affectedSoftware": [], "viewCount": 1, "enchantments": {"score": {"value": 4.2, "vector": "NONE", "modified": "2017-04-28T13:20:33", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-3099"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:7828", "SECURITYVULNS:DOC:17300"]}, {"type": "nessus", "idList": ["FEDORA_2007-0543.NASL", "ORACLELINUX_ELSA-2007-0497.NASL", "SUSE_OPEN-ISCSI-4035.NASL", "SUSE_OPEN-ISCSI-4034.NASL", "DEBIAN_DSA-1314.NASL", "REDHAT-RHSA-2007-0497.NASL", "SL_20070614_ISCSI_INITIATOR_UTILS_ON_SL5_X.NASL", "CENTOS_RHSA-2007-0497.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310122690", "OPENVAS:861590", "OPENVAS:58362"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1314-1:9B684"]}, {"type": "redhat", "idList": ["RHSA-2007:0497"]}, {"type": "oraclelinux", "idList": ["ELSA-2007-0497"]}, {"type": "centos", "idList": ["CESA-2007:0497"]}], "modified": "2017-04-28T13:20:33", "rev": 2}, "vulnersScore": 4.2}, "modified": "2007-06-11T11:03:50"}

{"cve": [{"lastseen": "2020-10-03T11:45:52", "description": "usr/mgmt_ipc.c in iscsid in open-iscsi (iscsi-initiator-utils) before 2.0-865 checks the client's UID on the listening AF_LOCAL socket instead of the new connection, which allows remote attackers to access the management interface and cause a denial of service (iscsid exit or iSCSI connection loss).", "edition": 3, "cvss3": {}, "published": "2007-06-14T19:30:00", "title": "CVE-2007-3099", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-3099"], "modified": "2017-10-11T01:32:00", "cpe": ["cpe:/o:redhat:enterprise_linux:5.0"], "id": "CVE-2007-3099", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-3099", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux:5.0:*:desktop:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:5.0:*:server:*:*:*:*:*"]}], "openvas": [{"lastseen": "2017-07-25T10:56:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3099", "CVE-2007-3100"], "description": "Check for the Version of iscsi-initiator-utils", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "id": "OPENVAS:861590", "href": "http://plugins.openvas.org/nasl.php?oid=861590", "type": "openvas", "title": "Fedora Update for iscsi-initiator-utils FEDORA-2007-0543", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for iscsi-initiator-utils FEDORA-2007-0543\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"iscsi-initiator-utils on Fedora 7\";\ntag_insight = \"The iscsi package provides the server daemon for the iSCSI protocol,\n as well as the utility programs used to manage it. iSCSI is a protocol\n for distributed disk access using SCSI commands sent over Internet\n Protocol networks.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-June/msg00429.html\");\n script_id(861590);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 16:31:39 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2007-0543\");\n script_cve_id(\"CVE-2007-3099\", \"CVE-2007-3100\");\n script_name( \"Fedora Update for iscsi-initiator-utils FEDORA-2007-0543\");\n\n script_summary(\"Check for the Version of iscsi-initiator-utils\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"iscsi-initiator-utils\", rpm:\"iscsi-initiator-utils~6.2.0.865~0.0.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"iscsi-initiator-utils\", rpm:\"iscsi-initiator-utils~6.2.0.865~0.0.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"iscsi-initiator-utils-debuginfo\", rpm:\"iscsi-initiator-utils-debuginfo~6.2.0.865~0.0.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"iscsi-initiator-utils\", rpm:\"iscsi-initiator-utils~6.2.0.865~0.0.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"iscsi-initiator-utils-debuginfo\", rpm:\"iscsi-initiator-utils-debuginfo~6.2.0.865~0.0.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:36:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3099", "CVE-2007-3100"], "description": "Oracle Linux Local Security Checks ELSA-2007-0497", "modified": "2018-09-28T00:00:00", "published": "2015-10-08T00:00:00", "id": "OPENVAS:1361412562310122690", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122690", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2007-0497", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2007-0497.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122690\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-08 14:51:10 +0300 (Thu, 08 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2007-0497\");\n script_tag(name:\"insight\", value:\"ELSA-2007-0497 - Moderate: iscsi-initiator-utils security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2007-0497\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2007-0497.html\");\n script_cve_id(\"CVE-2007-3099\", \"CVE-2007-3100\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"iscsi-initiator-utils\", rpm:\"iscsi-initiator-utils~6.2.0.742~0.6.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-24T12:49:45", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3099", "CVE-2007-3100"], "description": "The remote host is missing an update to open-iscsi\nannounced via advisory DSA 1314-1.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "id": "OPENVAS:58362", "href": "http://plugins.openvas.org/nasl.php?oid=58362", "type": "openvas", "title": "Debian Security Advisory DSA 1314-1 (open-iscsi)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1314_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1314-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several local and remote vulnerabilities have been discovered in\nopen-iscsi, a transport-independent iSCSI implementation. The Common\nVulnerabilities and Exposures project identifies the following problems:\n\nCVE-2007-3099\n\nOlaf Kirch discovered that due to a programming error access to the\nmanagement interface socket was insufficiently protected, which allows\ndenial of service.\n\nCVE-2007-3100\n\nOlaf Kirch discovered that access to a semaphore used in the logging\ncode was insufficiently protected, allowing denial of service.\n\nThe oldstable distribution (sarge) doesn't include open-iscsi.\n\nFor the stable distribution (etch) these problems have been fixed\nin version 2.0.730-1etch1.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 2.0.865-1.\n\nWe recommend that you upgrade your open-iscsi packages.\";\ntag_summary = \"The remote host is missing an update to open-iscsi\nannounced via advisory DSA 1314-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201314-1\";\n\nif(description)\n{\n script_id(58362);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:19:52 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2007-3099\", \"CVE-2007-3100\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Debian Security Advisory DSA 1314-1 (open-iscsi)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"open-iscsi\", ver:\"2.0.730-1etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "centos": [{"lastseen": "2019-12-20T18:24:16", "bulletinFamily": "unix", "cvelist": ["CVE-2007-3099", "CVE-2007-3100"], "description": "**CentOS Errata and Security Advisory** CESA-2007:0497\n\n\nThe iscsi package provides the server daemon for the iSCSI protocol, as\r\nwell as the utility programs used to manage it. iSCSI is a protocol for\r\ndistributed disk access using SCSI commands sent over Internet Protocol\r\nnetworks.\r\n\r\nOlaf Kirch discovered two flaws in open-iscsi. A local attacker could use\r\nthese flaws to cause the server daemon to stop responding, leading to a\r\ndenial of service. (CVE-2007-3099, CVE-2007-3100).\r\n\r\nAll users of open-iscsi should upgrade to this updated package which\r\nresolves these issues.\r\n\r\nNote: This issue did not affect Red Hat Enterprise Linux 2.1, 3, or 4.\r\nopen-iscsi is available in Red Hat Enterprise Linux 5 as a Technology\r\nPreview.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2007-June/025975.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-June/025976.html\n\n**Affected packages:**\niscsi-initiator-utils\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2007-0497.html", "edition": 3, "modified": "2007-06-14T15:43:15", "published": "2007-06-14T15:43:15", "href": "http://lists.centos.org/pipermail/centos-announce/2007-June/025975.html", "id": "CESA-2007:0497", "title": "iscsi security update", "type": "centos", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:46:45", "bulletinFamily": "unix", "cvelist": ["CVE-2007-3099", "CVE-2007-3100"], "description": "The iscsi package provides the server daemon for the iSCSI protocol, as\r\nwell as the utility programs used to manage it. iSCSI is a protocol for\r\ndistributed disk access using SCSI commands sent over Internet Protocol\r\nnetworks.\r\n\r\nOlaf Kirch discovered two flaws in open-iscsi. A local attacker could use\r\nthese flaws to cause the server daemon to stop responding, leading to a\r\ndenial of service. (CVE-2007-3099, CVE-2007-3100).\r\n\r\nAll users of open-iscsi should upgrade to this updated package which\r\nresolves these issues.\r\n\r\nNote: This issue did not affect Red Hat Enterprise Linux 2.1, 3, or 4.\r\nopen-iscsi is available in Red Hat Enterprise Linux 5 as a Technology\r\nPreview.", "modified": "2017-09-08T11:59:39", "published": "2007-06-14T04:00:00", "id": "RHSA-2007:0497", "href": "https://access.redhat.com/errata/RHSA-2007:0497", "type": "redhat", "title": "(RHSA-2007:0497) Moderate: iscsi-initiator-utils security update", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:35:49", "bulletinFamily": "unix", "cvelist": ["CVE-2007-3099", "CVE-2007-3100"], "description": " [6.2.0.742-0.6]\n - BZ 243726 fix two security flaws in open-iscsi (iscsid and logging) ", "edition": 4, "modified": "2007-06-26T00:00:00", "published": "2007-06-26T00:00:00", "id": "ELSA-2007-0497", "href": "http://linux.oracle.com/errata/ELSA-2007-0497.html", "title": "Moderate: iscsi-initiator-utils security update ", "type": "oraclelinux", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:26", "bulletinFamily": "software", "cvelist": ["CVE-2007-3099", "CVE-2007-3100"], "description": "Invalid implementation of internal sockets and semaphores access.", "edition": 1, "modified": "2007-06-20T00:00:00", "published": "2007-06-20T00:00:00", "id": "SECURITYVULNS:VULN:7828", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:7828", "title": "Multiple open-iscsi security vulnerabilities", "type": "securityvulns", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:22", "bulletinFamily": "software", "cvelist": ["CVE-2007-3099", "CVE-2007-3100"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- --------------------------------------------------------------------------\r\nDebian Security Advisory DSA 1314-1 security@debian.org\r\nhttp://www.debian.org/security/ Moritz Muehlenhoff\r\nJune 19th, 2007 http://www.debian.org/security/faq\r\n- --------------------------------------------------------------------------\r\n\r\nPackage : open-iscsi\r\nVulnerability : several\r\nProblem-Type : local/remote\r\nDebian-specific: no\r\nCVE ID : CVE-2007-3099 CVE-2007-3100\r\n\r\nSeveral local and remote vulnerabilities have been discovered in\r\nopen-iscsi, a transport-independent iSCSI implementation. The Common\r\nVulnerabilities and Exposures project identifies the following problems:\r\n\r\nCVE-2007-3099\r\n\r\n Olaf Kirch discovered that due to a programming error access to the\r\n management interface socket was insufficiently protected, which allows\r\n denial of service.\r\n\r\nCVE-2007-3100\r\n\r\n Olaf Kirch discovered that access to a semaphore used in the logging\r\n code was insufficiently protected, allowing denial of service.\r\n\r\nThe oldstable distribution (sarge) doesn't include open-iscsi.\r\n\r\nFor the stable distribution (etch) these problems have been fixed\r\nin version 2.0.730-1etch1.\r\n\r\nFor the unstable distribution (sid) these problems have been fixed in\r\nversion 2.0.865-1.\r\n\r\nWe recommend that you upgrade your open-iscsi packages.\r\n\r\n\r\nUpgrade Instructions\r\n- --------------------\r\n\r\nwget url\r\n will fetch the file for you\r\ndpkg -i file.deb\r\n will install the referenced file.\r\n\r\nIf you are using the apt-get package manager, use the line for\r\nsources.list as given below:\r\n\r\napt-get update\r\n will update the internal database\r\napt-get upgrade\r\n will install corrected packages\r\n\r\nYou may use an automated update by adding the resources from the\r\nfooter to the proper configuration.\r\n\r\n\r\nDebian GNU/Linux 4.0 alias etch\r\n- -------------------------------\r\n\r\n Source archives:\r\n\r\n http://security.debian.org/pool/updates/main/o/open-iscsi/open-iscsi_2.0.730-1etch1.dsc\r\n Size/MD5 checksum: 592 c3ca52812e7394fbd46d4890d543d4e3\r\n http://security.debian.org/pool/updates/main/o/open-iscsi/open-iscsi_2.0.730-1etch1.diff.gz\r\n Size/MD5 checksum: 7611 55cd1fbd431d428bd16d0afd2137c875\r\n http://security.debian.org/pool/updates/main/o/open-iscsi/open-iscsi_2.0.730.orig.tar.gz\r\n Size/MD5 checksum: 178486 6aea522b7e5699d4934ec37a11c82b78\r\n\r\n Alpha architecture:\r\n\r\n http://security.debian.org/pool/updates/main/o/open-iscsi/open-iscsi_2.0.730-1etch1_alpha.deb\r\n Size/MD5 checksum: 139992 b567b7256f9c8895af6b08bb647612f2\r\n\r\n AMD64 architecture:\r\n\r\n http://security.debian.org/pool/updates/main/o/open-iscsi/open-iscsi_2.0.730-1etch1_amd64.deb\r\n Size/MD5 checksum: 126726 66d7ebc09fcedebb449686ff3906d8bd\r\n\r\n ARM architecture:\r\n\r\n http://security.debian.org/pool/updates/main/o/open-iscsi/open-iscsi_2.0.730-1etch1_arm.deb\r\n Size/MD5 checksum: 123180 fcdbeb68b4d9793b9f28ef72059bed38\r\n\r\n HP Precision architecture:\r\n\r\n http://security.debian.org/pool/updates/main/o/open-iscsi/open-iscsi_2.0.730-1etch1_hppa.deb\r\n Size/MD5 checksum: 123422 0215cb45c1061c9233ee5c883307c479\r\n\r\n Intel IA-32 architecture:\r\n\r\n http://security.debian.org/pool/updates/main/o/open-iscsi/open-iscsi_2.0.730-1etch1_i386.deb\r\n Size/MD5 checksum: 112012 1a821f05ed1a9cc9d95d05a07a050f26\r\n\r\n Intel IA-64 architecture:\r\n\r\n http://security.debian.org/pool/updates/main/o/open-iscsi/open-iscsi_2.0.730-1etch1_ia64.deb\r\n Size/MD5 checksum: 188172 cb60c8853f7c7206b0764707ac47e78b\r\n\r\n Big endian MIPS architecture:\r\n\r\n http://security.debian.org/pool/updates/main/o/open-iscsi/open-iscsi_2.0.730-1etch1_mips.deb\r\n Size/MD5 checksum: 125214 e0c95f7b635638fef66818b1eea0b2bf\r\n\r\n Little endian MIPS architecture:\r\n\r\n http://security.debian.org/pool/updates/main/o/open-iscsi/open-iscsi_2.0.730-1etch1_mipsel.deb\r\n Size/MD5 checksum: 124264 25b970039344dd406244ec9ca454cedb\r\n\r\n PowerPC architecture:\r\n\r\n http://security.debian.org/pool/updates/main/o/open-iscsi/open-iscsi_2.0.730-1etch1_powerpc.deb\r\n Size/MD5 checksum: 114856 ab099a8dcb293c4452f14ad9c1e030a0\r\n\r\n IBM S/390 architecture:\r\n\r\n http://security.debian.org/pool/updates/main/o/open-iscsi/open-iscsi_2.0.730-1etch1_s390.deb\r\n Size/MD5 checksum: 137232 2d5a617312409bf401e38c65cc3a0b69\r\n\r\n Sun Sparc architecture:\r\n\r\n http://security.debian.org/pool/updates/main/o/open-iscsi/open-iscsi_2.0.730-1etch1_sparc.deb\r\n Size/MD5 checksum: 114362 3df414bd3d53afe5878a4079e3165f81\r\n\r\n\r\n These files will probably be moved into the stable distribution on\r\n its next update.\r\n\r\n- ---------------------------------------------------------------------------------\r\nFor apt-get: deb http://security.debian.org/ stable/updates main\r\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\r\nMailing list: debian-security-announce@lists.debian.org\r\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.6 (GNU/Linux)\r\n\r\niD8DBQFGeDNdXm3vHE4uyloRAt7TAJ4gec8zADGuzjJM/1IvLZf0FU8v8ACg1bO2\r\ncZpDxDek2ZdU3CscoiZxpDM=\r\n=UG1Q\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2007-06-20T00:00:00", "published": "2007-06-20T00:00:00", "id": "SECURITYVULNS:DOC:17300", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:17300", "title": "[SECURITY] [DSA 1314-1] New open-iscsi packages fix several vulnerabilities", "type": "securityvulns", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "debian": [{"lastseen": "2019-05-30T02:22:29", "bulletinFamily": "unix", "cvelist": ["CVE-2007-3099", "CVE-2007-3100"], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 1314-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nJune 19th, 2007 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : open-iscsi\nVulnerability : several\nProblem-Type : local/remote\nDebian-specific: no\nCVE ID : CVE-2007-3099 CVE-2007-3100\n\nSeveral local and remote vulnerabilities have been discovered in\nopen-iscsi, a transport-independent iSCSI implementation. The Common\nVulnerabilities and Exposures project identifies the following problems:\n\nCVE-2007-3099\n\n Olaf Kirch discovered that due to a programming error access to the\n management interface socket was insufficiently protected, which allows\n denial of service.\n\nCVE-2007-3100\n\n Olaf Kirch discovered that access to a semaphore used in the logging\n code was insufficiently protected, allowing denial of service.\n\nThe oldstable distribution (sarge) doesn't include open-iscsi.\n\nFor the stable distribution (etch) these problems have been fixed\nin version 2.0.730-1etch1.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 2.0.865-1.\n\nWe recommend that you upgrade your open-iscsi packages.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/o/open-iscsi/open-iscsi_2.0.730-1etch1.dsc\n Size/MD5 checksum: 592 c3ca52812e7394fbd46d4890d543d4e3\n http://security.debian.org/pool/updates/main/o/open-iscsi/open-iscsi_2.0.730-1etch1.diff.gz\n Size/MD5 checksum: 7611 55cd1fbd431d428bd16d0afd2137c875\n http://security.debian.org/pool/updates/main/o/open-iscsi/open-iscsi_2.0.730.orig.tar.gz\n Size/MD5 checksum: 178486 6aea522b7e5699d4934ec37a11c82b78\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/o/open-iscsi/open-iscsi_2.0.730-1etch1_alpha.deb\n Size/MD5 checksum: 139992 b567b7256f9c8895af6b08bb647612f2\n\n AMD64 architecture:\n\n http://security.debian.org/pool/updates/main/o/open-iscsi/open-iscsi_2.0.730-1etch1_amd64.deb\n Size/MD5 checksum: 126726 66d7ebc09fcedebb449686ff3906d8bd\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/o/open-iscsi/open-iscsi_2.0.730-1etch1_arm.deb\n Size/MD5 checksum: 123180 fcdbeb68b4d9793b9f28ef72059bed38\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/o/open-iscsi/open-iscsi_2.0.730-1etch1_hppa.deb\n Size/MD5 checksum: 123422 0215cb45c1061c9233ee5c883307c479\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/o/open-iscsi/open-iscsi_2.0.730-1etch1_i386.deb\n Size/MD5 checksum: 112012 1a821f05ed1a9cc9d95d05a07a050f26\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/o/open-iscsi/open-iscsi_2.0.730-1etch1_ia64.deb\n Size/MD5 checksum: 188172 cb60c8853f7c7206b0764707ac47e78b\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/o/open-iscsi/open-iscsi_2.0.730-1etch1_mips.deb\n Size/MD5 checksum: 125214 e0c95f7b635638fef66818b1eea0b2bf\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/o/open-iscsi/open-iscsi_2.0.730-1etch1_mipsel.deb\n Size/MD5 checksum: 124264 25b970039344dd406244ec9ca454cedb\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/o/open-iscsi/open-iscsi_2.0.730-1etch1_powerpc.deb\n Size/MD5 checksum: 114856 ab099a8dcb293c4452f14ad9c1e030a0\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/o/open-iscsi/open-iscsi_2.0.730-1etch1_s390.deb\n Size/MD5 checksum: 137232 2d5a617312409bf401e38c65cc3a0b69\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/o/open-iscsi/open-iscsi_2.0.730-1etch1_sparc.deb\n Size/MD5 checksum: 114362 3df414bd3d53afe5878a4079e3165f81\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 2, "modified": "2007-06-19T00:00:00", "published": "2007-06-19T00:00:00", "id": "DEBIAN:DSA-1314-1:9B684", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00075.html", "title": "[SECURITY] [DSA 1314-1] New open-iscsi packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2021-01-06T09:25:09", "description": "Updated iscsi-initiator-utils packages that fix a security flaw in\nopen-iscsi are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThe iscsi package provides the server daemon for the iSCSI protocol,\nas well as the utility programs used to manage it. iSCSI is a protocol\nfor distributed disk access using SCSI commands sent over Internet\nProtocol networks.\n\nOlaf Kirch discovered two flaws in open-iscsi. A local attacker could\nuse these flaws to cause the server daemon to stop responding, leading\nto a denial of service. (CVE-2007-3099, CVE-2007-3100).\n\nAll users of open-iscsi should upgrade to this updated package which\nresolves these issues.\n\nNote: This issue did not affect Red Hat Enterprise Linux 2.1, 3, or 4.\nopen-iscsi is available in Red Hat Enterprise Linux 5 as a Technology\nPreview.", "edition": 26, "published": "2010-01-06T00:00:00", "title": "CentOS 5 : iscsi-initiator-utils (CESA-2007:0497)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3099", "CVE-2007-3100"], "modified": "2010-01-06T00:00:00", "cpe": ["p-cpe:/a:centos:centos:iscsi-initiator-utils", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2007-0497.NASL", "href": "https://www.tenable.com/plugins/nessus/43643", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:0497 and \n# CentOS Errata and Security Advisory 2007:0497 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43643);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2007-3099\", \"CVE-2007-3100\");\n script_bugtraq_id(24471);\n script_xref(name:\"RHSA\", value:\"2007:0497\");\n\n script_name(english:\"CentOS 5 : iscsi-initiator-utils (CESA-2007:0497)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated iscsi-initiator-utils packages that fix a security flaw in\nopen-iscsi are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThe iscsi package provides the server daemon for the iSCSI protocol,\nas well as the utility programs used to manage it. iSCSI is a protocol\nfor distributed disk access using SCSI commands sent over Internet\nProtocol networks.\n\nOlaf Kirch discovered two flaws in open-iscsi. A local attacker could\nuse these flaws to cause the server daemon to stop responding, leading\nto a denial of service. (CVE-2007-3099, CVE-2007-3100).\n\nAll users of open-iscsi should upgrade to this updated package which\nresolves these issues.\n\nNote: This issue did not affect Red Hat Enterprise Linux 2.1, 3, or 4.\nopen-iscsi is available in Red Hat Enterprise Linux 5 as a Technology\nPreview.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-June/013937.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9bc8d7aa\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-June/013938.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dacd2f82\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected iscsi-initiator-utils package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:iscsi-initiator-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/06/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/06/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"iscsi-initiator-utils-6.2.0.742-0.6.el5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"iscsi-initiator-utils\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-06T09:44:48", "description": "Several local and remote vulnerabilities have been discovered in\nopen-iscsi, a transport-independent iSCSI implementation. The Common\nVulnerabilities and Exposures project identifies the following\nproblems :\n\n - CVE-2007-3099\n Olaf Kirch discovered that due to a programming error\n access to the management interface socket was\n insufficiently protected, which allows denial of\n service.\n\n - CVE-2007-3100\n Olaf Kirch discovered that access to a semaphore used in\n the logging code was insufficiently protected, allowing\n denial of service.\n\nThe oldstable distribution (sarge) doesn't include open-iscsi.", "edition": 27, "published": "2007-06-21T00:00:00", "title": "Debian DSA-1314-1 : open-iscsi - several vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3099", "CVE-2007-3100"], "modified": "2007-06-21T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:4.0", "p-cpe:/a:debian:debian_linux:open-iscsi"], "id": "DEBIAN_DSA-1314.NASL", "href": "https://www.tenable.com/plugins/nessus/25558", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1314. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(25558);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2007-3099\", \"CVE-2007-3100\");\n script_xref(name:\"DSA\", value:\"1314\");\n\n script_name(english:\"Debian DSA-1314-1 : open-iscsi - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several local and remote vulnerabilities have been discovered in\nopen-iscsi, a transport-independent iSCSI implementation. The Common\nVulnerabilities and Exposures project identifies the following\nproblems :\n\n - CVE-2007-3099\n Olaf Kirch discovered that due to a programming error\n access to the management interface socket was\n insufficiently protected, which allows denial of\n service.\n\n - CVE-2007-3100\n Olaf Kirch discovered that access to a semaphore used in\n the logging code was insufficiently protected, allowing\n denial of service.\n\nThe oldstable distribution (sarge) doesn't include open-iscsi.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-3099\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-3100\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2007/dsa-1314\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the open-iscsi packages.\n\nFor the stable distribution (etch) these problems have been fixed in\nversion 2.0.730-1etch1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:open-iscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/06/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"open-iscsi\", reference:\"2.0.730-1etch1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:deb_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:06:02", "description": "This update to iscsi-initiator-utils is a rebase to the upstream\nopen-iscsi-2.0-865 release. This release include two security fixes,\nbug fixes and new features.\n\nThe tools in this release use a different db format, but the tools are\nable to read old and new formats. If you want to use the new features\nyou must update the db, by rediscovering your targets and\nreconfiguring them (set per target CHAP, iscsi.node, iscsi.conn, etc\nsettings again). Once the db has been updated you cannot use older\ntools on it.\n\nSee the README and man pages for information on the new features.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2007-11-06T00:00:00", "title": "Fedora 7 : iscsi-initiator-utils-6.2.0.865-0.0.fc7 (2007-0543)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3099", "CVE-2007-3100"], "modified": "2007-11-06T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:7", "p-cpe:/a:fedoraproject:fedora:iscsi-initiator-utils-debuginfo", "p-cpe:/a:fedoraproject:fedora:iscsi-initiator-utils"], "id": "FEDORA_2007-0543.NASL", "href": "https://www.tenable.com/plugins/nessus/27669", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2007-0543.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27669);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2007-3099\", \"CVE-2007-3100\");\n script_bugtraq_id(24471);\n script_xref(name:\"FEDORA\", value:\"2007-0543\");\n\n script_name(english:\"Fedora 7 : iscsi-initiator-utils-6.2.0.865-0.0.fc7 (2007-0543)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update to iscsi-initiator-utils is a rebase to the upstream\nopen-iscsi-2.0-865 release. This release include two security fixes,\nbug fixes and new features.\n\nThe tools in this release use a different db format, but the tools are\nable to read old and new formats. If you want to use the new features\nyou must update the db, by rediscovering your targets and\nreconfiguring them (set per target CHAP, iscsi.node, iscsi.conn, etc\nsettings again). Once the db has been updated you cannot use older\ntools on it.\n\nSee the README and man pages for information on the new features.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2007-June/002213.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?987d45bd\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected iscsi-initiator-utils and / or\niscsi-initiator-utils-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:iscsi-initiator-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:iscsi-initiator-utils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/06/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 7.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC7\", reference:\"iscsi-initiator-utils-6.2.0.865-0.0.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"iscsi-initiator-utils-debuginfo-6.2.0.865-0.0.fc7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"iscsi-initiator-utils / iscsi-initiator-utils-debuginfo\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T14:46:48", "description": "This update fixes some possible vulnerabilities in the open-iscsi\ndaemon. (CVE-2007-3099 / CVE-2007-3100)", "edition": 23, "published": "2007-12-13T00:00:00", "title": "SuSE 10 Security Update : open-iscsi (ZYPP Patch Number 4035)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3099", "CVE-2007-3100"], "modified": "2007-12-13T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_OPEN-ISCSI-4035.NASL", "href": "https://www.tenable.com/plugins/nessus/29533", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(29533);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-3099\", \"CVE-2007-3100\");\n\n script_name(english:\"SuSE 10 Security Update : open-iscsi (ZYPP Patch Number 4035)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes some possible vulnerabilities in the open-iscsi\ndaemon. (CVE-2007-3099 / CVE-2007-3100)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-3099.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-3100.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 4035.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"open-iscsi-2.0.707-0.24\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T13:05:50", "description": "Updated iscsi-initiator-utils packages that fix a security flaw in\nopen-iscsi are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThe iscsi package provides the server daemon for the iSCSI protocol,\nas well as the utility programs used to manage it. iSCSI is a protocol\nfor distributed disk access using SCSI commands sent over Internet\nProtocol networks.\n\nOlaf Kirch discovered two flaws in open-iscsi. A local attacker could\nuse these flaws to cause the server daemon to stop responding, leading\nto a denial of service. (CVE-2007-3099, CVE-2007-3100).\n\nAll users of open-iscsi should upgrade to this updated package which\nresolves these issues.\n\nNote: This issue did not affect Red Hat Enterprise Linux 2.1, 3, or 4.\nopen-iscsi is available in Red Hat Enterprise Linux 5 as a Technology\nPreview.", "edition": 28, "published": "2007-06-14T00:00:00", "title": "RHEL 5 : iscsi-initiator-utils (RHSA-2007:0497)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3099", "CVE-2007-3100"], "modified": "2007-06-14T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:iscsi-initiator-utils"], "id": "REDHAT-RHSA-2007-0497.NASL", "href": "https://www.tenable.com/plugins/nessus/25523", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:0497. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(25523);\n script_version(\"1.26\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-3099\", \"CVE-2007-3100\");\n script_bugtraq_id(24471);\n script_xref(name:\"RHSA\", value:\"2007:0497\");\n\n script_name(english:\"RHEL 5 : iscsi-initiator-utils (RHSA-2007:0497)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated iscsi-initiator-utils packages that fix a security flaw in\nopen-iscsi are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThe iscsi package provides the server daemon for the iSCSI protocol,\nas well as the utility programs used to manage it. iSCSI is a protocol\nfor distributed disk access using SCSI commands sent over Internet\nProtocol networks.\n\nOlaf Kirch discovered two flaws in open-iscsi. A local attacker could\nuse these flaws to cause the server daemon to stop responding, leading\nto a denial of service. (CVE-2007-3099, CVE-2007-3100).\n\nAll users of open-iscsi should upgrade to this updated package which\nresolves these issues.\n\nNote: This issue did not affect Red Hat Enterprise Linux 2.1, 3, or 4.\nopen-iscsi is available in Red Hat Enterprise Linux 5 as a Technology\nPreview.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-3099\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-3100\"\n );\n # http://kbase.redhat.com/faq/FAQ_105_10521.shtm\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/kb/FAQ_105_10521.shtm\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2007:0497\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected iscsi-initiator-utils package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:iscsi-initiator-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/06/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/06/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/06/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2007:0497\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"iscsi-initiator-utils-6.2.0.742-0.6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"iscsi-initiator-utils-6.2.0.742-0.6.el5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"iscsi-initiator-utils\");\n }\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T13:43:44", "description": "Olaf Kirch discovered two flaws in open-iscsi. A local attacker could\nuse these flaws to cause the server daemon to stop responding, leading\nto a denial of service. (CVE-2007-3099, CVE-2007-3100).", "edition": 24, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : iscsi-initiator-utils on SL5.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3099", "CVE-2007-3100"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20070614_ISCSI_INITIATOR_UTILS_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60208", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60208);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-3099\", \"CVE-2007-3100\");\n\n script_name(english:\"Scientific Linux Security Update : iscsi-initiator-utils on SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Scientific Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Olaf Kirch discovered two flaws in open-iscsi. A local attacker could\nuse these flaws to cause the server daemon to stop responding, leading\nto a denial of service. (CVE-2007-3099, CVE-2007-3100).\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0706&L=scientific-linux-errata&T=0&P=1619\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?54534160\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected iscsi-initiator-utils package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/06/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"iscsi-initiator-utils-6.2.0.742-0.6.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T12:44:00", "description": "From Red Hat Security Advisory 2007:0497 :\n\nUpdated iscsi-initiator-utils packages that fix a security flaw in\nopen-iscsi are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThe iscsi package provides the server daemon for the iSCSI protocol,\nas well as the utility programs used to manage it. iSCSI is a protocol\nfor distributed disk access using SCSI commands sent over Internet\nProtocol networks.\n\nOlaf Kirch discovered two flaws in open-iscsi. A local attacker could\nuse these flaws to cause the server daemon to stop responding, leading\nto a denial of service. (CVE-2007-3099, CVE-2007-3100).\n\nAll users of open-iscsi should upgrade to this updated package which\nresolves these issues.\n\nNote: This issue did not affect Red Hat Enterprise Linux 2.1, 3, or 4.\nopen-iscsi is available in Red Hat Enterprise Linux 5 as a Technology\nPreview.", "edition": 24, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 5 : iscsi-initiator-utils (ELSA-2007-0497)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3099", "CVE-2007-3100"], "modified": "2013-07-12T00:00:00", "cpe": ["cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:iscsi-initiator-utils"], "id": "ORACLELINUX_ELSA-2007-0497.NASL", "href": "https://www.tenable.com/plugins/nessus/67523", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2007:0497 and \n# Oracle Linux Security Advisory ELSA-2007-0497 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67523);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-3099\", \"CVE-2007-3100\");\n script_bugtraq_id(24471);\n script_xref(name:\"RHSA\", value:\"2007:0497\");\n\n script_name(english:\"Oracle Linux 5 : iscsi-initiator-utils (ELSA-2007-0497)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2007:0497 :\n\nUpdated iscsi-initiator-utils packages that fix a security flaw in\nopen-iscsi are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThe iscsi package provides the server daemon for the iSCSI protocol,\nas well as the utility programs used to manage it. iSCSI is a protocol\nfor distributed disk access using SCSI commands sent over Internet\nProtocol networks.\n\nOlaf Kirch discovered two flaws in open-iscsi. A local attacker could\nuse these flaws to cause the server daemon to stop responding, leading\nto a denial of service. (CVE-2007-3099, CVE-2007-3100).\n\nAll users of open-iscsi should upgrade to this updated package which\nresolves these issues.\n\nNote: This issue did not affect Red Hat Enterprise Linux 2.1, 3, or 4.\nopen-iscsi is available in Red Hat Enterprise Linux 5 as a Technology\nPreview.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2007-June/000224.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected iscsi-initiator-utils package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:iscsi-initiator-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/06/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/06/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"iscsi-initiator-utils-6.2.0.742-0.6.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"iscsi-initiator-utils\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T14:46:48", "description": "This update fixes insecure privileges and credential verification with\nthe iscsi daemon. (CVE-2007-3099, CVE-2007-3100)", "edition": 24, "published": "2007-10-17T00:00:00", "title": "openSUSE 10 Security Update : open-iscsi (open-iscsi-4034)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3099", "CVE-2007-3100"], "modified": "2007-10-17T00:00:00", "cpe": ["cpe:/o:novell:opensuse:10.2", "p-cpe:/a:novell:opensuse:open-iscsi"], "id": "SUSE_OPEN-ISCSI-4034.NASL", "href": "https://www.tenable.com/plugins/nessus/27362", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update open-iscsi-4034.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27362);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-3099\", \"CVE-2007-3100\");\n\n script_name(english:\"openSUSE 10 Security Update : open-iscsi (open-iscsi-4034)\");\n script_summary(english:\"Check for the open-iscsi-4034 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes insecure privileges and credential verification with\nthe iscsi daemon. (CVE-2007-3099, CVE-2007-3100)\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected open-iscsi package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:open-iscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.2\", reference:\"open-iscsi-2.0.713-13\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"open-iscsi\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:48", "bulletinFamily": "unix", "cvelist": ["CVE-2007-3099", "CVE-2007-3100"], "description": "The iscsi package provides the server daemon for the iSCSI protocol, as well as the utility programs used to manage it. iSCSI is a protocol for distributed disk access using SCSI commands sent over Internet Protocol networks. ", "modified": "2007-06-18T22:30:33", "published": "2007-06-18T22:30:33", "id": "FEDORA:L5IMUOOT020791", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 7 Update: iscsi-initiator-utils-6.2.0.865-0.0.fc7", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}]}