CVE-2009-1297
Published: 11 August 2009
iscsi_discovery in open-iscsi in SUSE openSUSE 10.3 through 11.1 and SUSE Linux Enterprise (SLE) 10 SP2 and 11, and other operating systems, allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file that has a predictable name.
Priority
Status
Package | Release | Status |
---|---|---|
open-iscsi Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Released
(2.0.865-1ubuntu3.5)
|
|
intrepid |
Ignored
(end of life, was needed)
|
|
jaunty |
Ignored
(end of life)
|
|
karmic |
Ignored
(end of life)
|
|
lucid |
Not vulnerable
(2.0.870.1-0ubuntu11)
|
|
maverick |
Not vulnerable
(2.0.870.1-0ubuntu11)
|
|
natty |
Not vulnerable
(2.0.870.1-0ubuntu11)
|
|
oneiric |
Not vulnerable
|
|
upstream |
Needed
|
|
Patches: vendor: http://launchpadlibrarian.net/29898683/408915.patch other: https://bugs.launchpad.net/ubuntu/+source/open-iscsi/+bug/408915 |