cbcvebase.
CVE-2009-1297
published 2009-10-23

CVE-2009-1297: iscsi_discovery in open-iscsi in SUSE openSUSE 10.3 through 11.1 and SUSE Linux Enterprise (SLE) 10 SP2 and 11, and other operating systems, allows local users…

PriorityP416medium4.4CVSS 2.0
AVLACMAuNCPIPAP
EPSS
0.34%
25.5th percentile
iscsi_discovery in open-iscsi in SUSE openSUSE 10.3 through 11.1 and SUSE Linux Enterprise (SLE) 10 SP2 and 11, and other operating systems, allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file that has a predictable name.

Affected

9 ranges
VendorProductVersion rangeFixed in
debianopen-iscsi< open-iscsi 2.0.871-1 (bookworm)open-iscsi 2.0.871-1 (bookworm)
novellsuse_linux
novellsuse_linux
open-iscsi_projectopen-iscsi>= 0 < 2.0.871-12.0.871-1
open-iscsi_projectopen-iscsi>= 0 < 2.0.871-12.0.871-1
open-iscsi_projectopen-iscsi>= 0 < 2.0.871-12.0.871-1
open-iscsi_projectopen-iscsi>= 0 < 2.0.871-12.0.871-1
opensuseopensuse
opensuseopensuse

CVSS provenance

nvdv2.04.4MEDIUMAV:L/AC:M/Au:N/C:P/I:P/A:P
osv4.4MEDIUM
vendor_debian4.4LOW
vendor_redhat4.4MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.