Astra Linux - уязвимость в open-iscsi

A issue was discovered in Contiki version 3.0. A out-of-bounds read vulnerability exists in the uIP TCP/IP stack component when calculating checksums for IP packets in the upperlayerchksum function in net/ipv4/uip.c...

MiracleLinux 3 : iscsi-initiator-utils-6.2.0.865-0.8.1AXS3 (AXBA:2008-141:01)

The remote MiracleLinux 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXBA:2008-141:01 advisory. - usr/mgmtipc.c in iscsid in open-iscsi iscsi-initiator-utils before 2.0-865 checks the client's UID on the listening AFLOCAL socket instead of the n...

Linux Distros Unpatched Vulnerability : CVE-2021-3139

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Open-iSCSI tcmu-runner 1.3.x, 1.4.x, and 1.5.x through 1.5.2, xcopylocateudev in tcmurcmdhandler.c lacks a check for transport-layer restrictions, allowing...

USN-6259-1 open-iscsi vulnerabilities

Jos Wetzels, Stanislav Dashevskyi, and Amine Amri discovered that Open-iSCSI incorrectly handled certain checksums for IP packets. An attacker could possibly use this issue to expose sensitive information. CVE-2020-13987 Jos Wetzels, Stanislav Dashevskyi, Amine Amri discovered that Open-iSCSI...

SUSE CVE-2007-3099

usr/mgmtipc.c in iscsid in open-iscsi iscsi-initiator-utils before 2.0-865 checks the client's UID on the listening AFLOCAL socket instead of the new connection, which allows remote attackers to access the management interface and cause a denial of service iscsid exit or iSCSI connection loss...

SUSE CVE-2009-1297

iscsidiscovery in open-iscsi in SUSE openSUSE 10.3 through 11.1 and SUSE Linux Enterprise SLE 10 SP2 and 11, and other operating systems, allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file that has a predictable name...

SUSE CVE-2020-14019

Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/target/saveconfig.json because shutil.copyfile instead of shutil.copy is used, and thus permissions are not preserved...

OESA-2022-1804 targetcli security update

Targetcli is an administration tool for managing storage targets using the kernel LIO core target and compatible target fabric modules. Security Fixes: Open-iSCSI targetcli-fb through 2.1.52 has weak permissions for /etc/target and for the backup directory and backup files.CVE-2020-13867...

OPENSUSE-SU-2021:0089-1 Security update for open-iscsi

This update for open-iscsi fixes the following issues: - Updated to upstream version 2.1.3 as 2.1.3-suse, for bsc1179908, including: uip: check for TCP urgent pointer past end of frame uip: check for u8 overflow when processing TCP options uip: check for header length underflow during checksum...

python-rtslib: weak permissions for /etc/target/saveconfig.json

A flaw was found in Open-iSCSI rtslib-fb through versions 2.1.72, where it has weak permissions for /etc/target/saveconfig.json because the shutil.copyfile, instead of shutil.copy is used, and permissions are not preserved upon editing. This flaw allows an attacker with prior access to...

python-rtslib: weak permissions for /etc/target/saveconfig.json

A flaw was found in Open-iSCSI rtslib-fb through versions 2.1.72, where it has weak permissions for /etc/target/saveconfig.json because the shutil.copyfile, instead of shutil.copy is used, and permissions are not preserved upon editing. This flaw allows an attacker with prior access to...

PYSEC-2020-250

Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/target/saveconfig.json because shutil.copyfile instead of shutil.copy is used, and thus permissions are not preserved...

DEBIAN-CVE-2020-13867

Open-iSCSI targetcli-fb through 2.1.52 has weak permissions for /etc/target and for the backup directory and backup files...

Open-iSCSI Buffer Overflow Vulnerability

Open-iSCSI is an open source iSCSI Small Computer System Interface tool based on the Linux platform. A buffer overflow vulnerability exists in the 'processiscsidbroadcast' function of the iscsiuio/src/unix/iscsidipc.c file in Open-iSCSI 2.0.875 and earlier versions, which stems from the program...

DEBIAN-CVE-2007-3099

usr/mgmtipc.c in iscsid in open-iscsi iscsi-initiator-utils before 2.0-865 checks the client's UID on the listening AFLOCAL socket instead of the new connection, which allows remote attackers to access the management interface and cause a denial of service iscsid exit or iSCSI connection loss...

DEBIAN-CVE-2007-3100

usr/log.c in iscsid in open-iscsi iscsi-initiator-utils before 2.0-865 uses a semaphore with insecure permissions world-writable/world-readable for managing log messages using shared memory, which allows local users to cause a denial of service hang by grabbing the semaphore...