Bug 523936 (CVE-2009-1297)

Summary: CVE-2009-1297 iscsi-initiator-utils: unsafe tmp file use in iscsi_discovery script
Product: [Other] Security Response Reporter: Jan Lieskovsky <jlieskov>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: hdegoede, mjc
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
URL: https://bugs.launchpad.net/ubuntu/+source/open-iscsi/+bug/408915
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-09-29 15:16:05 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Local copy of open-iscsi CVE-2009-1297 patch none

Description Jan Lieskovsky 2009-09-17 09:46:26 UTC 
Colin Watson reported an unsafe temporary file use, present in
scsi-initiator-utils's iscsi_discovery shell script. A local
attacker could use this flaw to perform symlink attack against
user running this script, which will result in overwrite of
arbitrary file writable by this script.

References:
-----------
https://bugs.launchpad.net/ubuntu/+source/open-iscsi/+bug/408915
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=547011

Proposed patch:
---------------
http://launchpadlibrarian.net/29898683/408915.patch

Credit:
-------
Colin Watson
Comment 1 Jan Lieskovsky 2009-09-17 09:51:17 UTC 
Created attachment 361464 [details]
Local copy of open-iscsi CVE-2009-1297 patch
Comment 2 Jan Lieskovsky 2009-09-17 09:54:20 UTC 
This issue does NOT affect the versions of the iscsi-initiator-utils 
package, as shipped with Red Hat Enterprise Linux 3 and 4.

This issue affects the version of the iscsi-initiator-utils package,
as shipped with Red Hat Enterprise Linux 5.

---------

This issue affects the latest versions of the iscsi-initiator-utils package,
as shipped with Fedora releases of 10 and 11 
(iscsi-initiator-utils-6.2.0.870-1.0.fc10 and iscsi-initiator-utils-6.2.0.870-8.fc11.1).

Please schedule the Fedora updates.
Comment 5 Tomas Hoger 2009-09-29 15:16:05 UTC 
To correct comment #2:

Affected script is part of the iscsi-initialtor-utils source RPMs in Red Hat Enterprise Linux 5 and current Fedora versions, however, that script is not shipped in the binary package.  Hence Red Hat Enterprise Linux 5 and Fedora 10 and 11 are unaffected too.