CVE-2009-1297

CWE-5910 documents8 sources
Severity
4.4MEDIUM
EPSS
0.0%
top 94.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Novell Suse LinuxOpensuse Opensuse
Timeline
PublishedOct 23
Latest updateMay 2

Description

iscsi_discovery in open-iscsi in SUSE openSUSE 10.3 through 11.1 and SUSE Linux Enterprise (SLE) 10 SP2 and 11, and other operating systems, allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file that has a predictable name.

CVSS vector

AV:L/AC:M/C:P/I:P/A:PExploitability: 3.4 | Impact: 6.4

Affected Packages3 packages

NVDopensuse/opensuse10.3, 11.1+1
NVDnovell/suse_linux10, 11+1
Debianopen-iscsi< 2.0.871-1+3

🔴Vulnerability Details

3
GHSA
GHSA-ph28-8h48-j3qp: iscsi_discovery in open-iscsi in SUSE openSUSE 102022-05-02
OSV
CVE-2009-1297: iscsi_discovery in open-iscsi in SUSE openSUSE 102009-10-23
CVEList
CVE-2009-1297: iscsi_discovery in open-iscsi in SUSE openSUSE 102009-10-23

📋Vendor Advisories

3
Ubuntu
Open-iSCSI vulnerability2011-10-20
Red Hat
iscsi-initiator-utils: unsafe tmp file use in iscsi_discovery script2009-08-11
Debian
CVE-2009-1297: open-iscsi - iscsi_discovery in open-iscsi in SUSE openSUSE 10.3 through 11.1 and SUSE Linux ...2009

💬Community

1
Bugzilla
CVE-2009-1297 iscsi-initiator-utils: unsafe tmp file use in iscsi_discovery script2009-09-17
CVE-2009-1297 (MEDIUM CVSS 4.4) | iscsi_discovery in open-iscsi in SU | cvebase.io