USN-1235-1: Open-iSCSI vulnerability
20 October 2011
iscsi_discovery in open-iscsi could be made to overwrite files as the administrator.
Releases
Packages
- open-iscsi - Open Source iSCSI implementation
Details
Colin Watson discovered that iscsi_discovery in Open-iSCSI did not safely
create temporary files. A local attacker could exploit this to to overwrite
arbitrary files with root privileges.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 8.04
In general, a standard system update will make all the necessary changes.