2.1

CVE-2007-3099

usr/mgmt_ipc.c in iscsid in open-iscsi (iscsi-initiator-utils) before 2.0-865 checks the client's UID on the listening AF_LOCAL socket instead of the new connection, which allows remote attackers to access the management interface and cause a denial of service (iscsid exit or iSCSI connection loss).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RedhatEnterprise Linux Version5.0 Editiondesktop
RedhatEnterprise Linux Version5.0 Editionserver
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.76% 0.504
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 2.1 3.9 2.9
AV:L/AC:L/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=243719
http://osvdb.org/37269
http://secunia.com/advisories/25679
Patch
Vendor Advisory
http://secunia.com/advisories/25749
http://secunia.com/advisories/26438
http://secunia.com/advisories/26543
http://support.novell.com/techcenter/psdb/187174044e1dbe78726bcf840f7530ed.html
http://svn.berlios.de/viewcvs/open-iscsi?rev=857&view=rev
http://www.debian.org/security/2007/dsa-1314
http://www.novell.com/linux/security/advisories/2007_17_sr.html
http://www.redhat.com/support/errata/RHSA-2007-0497.html
http://www.securityfocus.com/bid/24471
http://www.securitytracker.com/id?1018246
https://exchange.xforce.ibmcloud.com/vulnerabilities/34944
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11595