Temporary file vulnerability in iscsi_discovery
Bug #408915 reported by
Colin Watson
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
open-iscsi (Ubuntu) |
Fix Released
|
Low
|
Unassigned | ||
Hardy |
Fix Released
|
Low
|
Jamie Strandboge | ||
Intrepid |
Invalid
|
Low
|
Unassigned | ||
Jaunty |
Won't Fix
|
Low
|
Unassigned | ||
Karmic |
Fix Released
|
Low
|
Unassigned |
Bug Description
Binary package hint: open-iscsi
The iscsi_discovery shell script, typically run as root, contains the following code:
dbg "starting discovery to $ip"
iscsiadm -m discovery --type sendtargets --portal ${ip}:${port} > ${df}
This is a standard security vulnerability and should be replaced by use of mktemp.
CVE References
Changed in open-iscsi (Ubuntu Hardy): | |
status: | Confirmed → In Progress |
Changed in open-iscsi (Ubuntu Hardy): | |
assignee: | nobody → Jamie Strandboge (jdstrand) |
Changed in open-iscsi (Ubuntu Hardy): | |
status: | In Progress → Fix Committed |
To post a comment you must log in.
CVE-2009-1297