| Vulnerability Name: | CVE-2007-3099 (CCN-34944) | ||||||||||||||||||||||||||||
| Assigned: | 2007-06-11 | ||||||||||||||||||||||||||||
| Published: | 2007-06-11 | ||||||||||||||||||||||||||||
| Updated: | 2017-10-11 | ||||||||||||||||||||||||||||
| Summary: | usr/mgmt_ipc.c in iscsid in open-iscsi (iscsi-initiator-utils) before 2.0-865 checks the client's UID on the listening AF_LOCAL socket instead of the new connection, which allows remote attackers to access the management interface and cause a denial of service (iscsid exit or iSCSI connection loss). | ||||||||||||||||||||||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
| ||||||||||||||||||||||||||||
| CVSS v2 Severity: | 2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P) 1.6 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
| ||||||||||||||||||||||||||||
| Vulnerability Type: | CWE-Other | ||||||||||||||||||||||||||||
| Vulnerability Consequences: | Denial of Service | ||||||||||||||||||||||||||||
| References: | Source: CCN Type: Red Hat Bugzilla Bug 243719 CVE-2007-3099 dos flaws in open-iscsi (CVE-2007-3100) Source: CONFIRM Type: UNKNOWN http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=243719 Source: MITRE Type: CNA CVE-2007-3099 Source: OSVDB Type: UNKNOWN 37269 Source: CCN Type: RHSA-2007-0497 Moderate: iscsi-initiator-utils security update Source: SECUNIA Type: Patch, Vendor Advisory 25679 Source: SECUNIA Type: UNKNOWN 25749 Source: SECUNIA Type: UNKNOWN 26438 Source: SECUNIA Type: UNKNOWN 26543 Source: CCN Type: SECTRACK ID: 1018246 Open-iSCSI Lets Local Users Deny Service Source: CONFIRM Type: UNKNOWN http://support.novell.com/techcenter/psdb/187174044e1dbe78726bcf840f7530ed.html Source: CONFIRM Type: UNKNOWN http://svn.berlios.de/viewcvs/open-iscsi?rev=857&view=rev Source: DEBIAN Type: UNKNOWN DSA-1314 Source: DEBIAN Type: DSA-1314 open-iscsi -- several vulnerabilities Source: SUSE Type: UNKNOWN SUSE-SR:2007:017 Source: CCN Type: Open-iSCSI Web site Open-iSCSI project: Open-iSCSI - RFC3720 architecture and implementation Source: CCN Type: OSVDB ID: 37269 open-iscsi (iscsi-initiator-utils) iscsid usr/mgmt_ipc.c Mangement Interface Remote DoS Source: REDHAT Type: UNKNOWN RHSA-2007:0497 Source: BID Type: UNKNOWN 24471 Source: CCN Type: BID-24471 Open ISCSI Multiple Local Denial Of Service Vulnerabilities Source: SECTRACK Type: UNKNOWN 1018246 Source: XF Type: UNKNOWN openiscsi-mgmtipc-dos(34944) Source: XF Type: UNKNOWN openiscsi-mgmtipc-dos(34944) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:11595 Source: SUSE Type: SUSE-SR:2007:017 SUSE Security Summary Report | ||||||||||||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration RedHat 1: Configuration RedHat 2: Configuration RedHat 3:  Denotes that component is vulnerable | ||||||||||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||
| BACK | |||||||||||||||||||||||||||||