Colin Watson reported an unsafe temporary file use, present in scsi-initiator-utils's iscsi_discovery shell script. A local attacker could use this flaw to perform symlink attack against user running this script, which will result in overwrite of arbitrary file writable by this script. References: ----------- https://bugs.launchpad.net/ubuntu/+source/open-iscsi/+bug/408915 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=547011 Proposed patch: --------------- http://launchpadlibrarian.net/29898683/408915.patch Credit: ------- Colin Watson
Created attachment 361464 [details] Local copy of open-iscsi CVE-2009-1297 patch
This issue does NOT affect the versions of the iscsi-initiator-utils package, as shipped with Red Hat Enterprise Linux 3 and 4. This issue affects the version of the iscsi-initiator-utils package, as shipped with Red Hat Enterprise Linux 5. --------- This issue affects the latest versions of the iscsi-initiator-utils package, as shipped with Fedora releases of 10 and 11 (iscsi-initiator-utils-6.2.0.870-1.0.fc10 and iscsi-initiator-utils-6.2.0.870-8.fc11.1). Please schedule the Fedora updates.
To correct comment #2: Affected script is part of the iscsi-initialtor-utils source RPMs in Red Hat Enterprise Linux 5 and current Fedora versions, however, that script is not shipped in the binary package. Hence Red Hat Enterprise Linux 5 and Fedora 10 and 11 are unaffected too.