A flaw was found in Linux, where the socket used by targetclid was world-writable. If a system enables the targetclid socket, a local attacker can use this flaw to modify the iSCSI configuration and escalate their privileges to root.
- Do not enable targetclid; this prevents the socket from being created.
- Manually change the socket's permissions every time it is created:
$ sudo chmod 0600 /var/run/targetclid.sock
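
Because the socket's permissions have to be corrected each time it is created, the check can be scripted. The following is an added example, not part of the original advisory: it reports whether the socket is accessible beyond its owner and applies the 0600 mode if so. The function names and the `--enforce` argument are hypothetical, and it assumes GNU coreutils `stat` and `chmod` on Linux.

```shell
#!/bin/sh
# Added example: audit and tighten the mode of the targetclid socket.
# Function names and the --enforce argument are hypothetical.
# Assumes GNU coreutils (stat -c) on Linux.

SOCK_DEFAULT=/var/run/targetclid.sock   # path given in the advisory

# Print the octal permission bits of a path, e.g. 666.
sock_mode() {
    stat -c '%a' -- "$1" 2>/dev/null
}

# Return 0 if group and other have no access, 1 if they do,
# 2 if the path does not exist (targetclid not enabled or not started).
sock_is_private() {
    [ -e "$1" ] || return 2
    mode=$(sock_mode "$1") || return 2
    # Leading 0 makes the shell read the value as octal; 077 masks
    # the group and other bits, ignoring setuid/setgid/sticky.
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# Return 0 if already owner-only, 1 if the mode had to be corrected,
# 2 if the socket is absent, 3 if chmod failed (e.g. not root).
sock_enforce() {
    rc=0
    sock_is_private "$1" || rc=$?
    case $rc in
        0) echo "ok: $1 is owner-only"; return 0 ;;
        2) echo "absent: $1 does not exist"; return 2 ;;
    esac
    echo "fixing: $1 had mode $(sock_mode "$1"), setting 0600"
    chmod 0600 -- "$1" || return 3
    return 1
}

# Run as: sudo sh thisfile --enforce [path]
if [ "${1:-}" = "--enforce" ]; then
    sock_enforce "${2:-$SOCK_DEFAULT}"
fi
```

An exit status of 1 means the socket was found with group or other access and was corrected, which is worth logging since it shows the socket was exposed for some interval.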