Lucene search

Veracode Vulnerability DatabaseVERACODE:23097

HistoryApr 10, 2020 - 12:15 a.m.

Denial Of Service (DoS)

2020-04-1000:15:44

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

JSON

iscsi-initiator-utils is vulnerable to denial of service (DoS). It uses a semaphore with insecure permissions (world-writable/world-readable) for managing log messages using shared memory, which allows local users to cause a denial of service (hang) by grabbing the semaphore.

CPENameOperatorVersion
iscsi-initiator-utilseq6.2.0.742__0.5.el5
iscsi-initiator-utilseq6.2.0.742__0.5.el5

CPE	Name	Operator	Version
	iscsi-initiator-utils	eq	6.2.0.742__0.5.el5
	iscsi-initiator-utils	eq	6.2.0.742__0.5.el5

References

bugzilla.redhat.com/bugzilla/show_bug.cgi?id=243719

kbase.redhat.com/faq/FAQ_105_10521.shtm

osvdb.org/37270

secunia.com/advisories/25679

secunia.com/advisories/25749

secunia.com/advisories/26438

secunia.com/advisories/26543

support.novell.com/techcenter/psdb/187174044e1dbe78726bcf840f7530ed.html

svn.berlios.de/viewcvs/open-iscsi?rev=858&view=rev

www.debian.org/security/2007/dsa-1314

www.novell.com/linux/security/advisories/2007_17_sr.html

www.redhat.com/security/updates/classification/#moderate

www.redhat.com/support/errata/RHSA-2007-0497.html

www.securityfocus.com/bid/24471

www.securitytracker.com/id?1018246

access.redhat.com/errata/RHSA-2007:0497

exchange.xforce.ibmcloud.com/vulnerabilities/34943

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10653

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

JSON

Related for VERACODE:23097