Novell Home

CVE-2009-1297

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

CVE-2009-1297 at MITRE

Description

iscsi_discovery in open-iscsi in SUSE openSUSE 10.3 through 11.1 and SUSE Linux Enterprise (SLE) 10 SP2 and 11 allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file that has a predictable name.
Novell Bugzilla entry: 528711

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
openSUSE 10.3
  • open-iscsi >= 2.0.866-15.4
 ZYPP Patch Nr: 6454
SAT Patch Nr: 1238
openSUSE 11.0
  • open-iscsi-debuginfo >= 2.0.869-8.2
  • open-iscsi-debugsource >= 2.0.869-8.2
 ZYPP Patch Nr: 6454
SAT Patch Nr: 1238
openSUSE 11.0
  • open-iscsi >= 2.0.869-8.2
 ZYPP Patch Nr: 6454
SAT Patch Nr: 1238
openSUSE 11.1
  • open-iscsi-debuginfo >= 2.0.870-21.3.1
  • open-iscsi-debugsource >= 2.0.870-21.3.1
 ZYPP Patch Nr: 6454
SAT Patch Nr: 1238
openSUSE 11.1
  • open-iscsi >= 2.0.870-21.3.1
 ZYPP Patch Nr: 6454
SAT Patch Nr: 1238
SUSE Linux Enterprise Server RT Solution 10 for AMD64 and Intel EM64T
SUSE Linux Enterprise Server RT Solution 10 for x86
  • open-iscsi >= 2.0.707-0.47
 sles10-sp2. x86-64
sles10-sp2. x86
ZYPP Patch Nr: 6456
SUSE Linux Enterprise 10 SP2 DEBUGINFO for AMD64 and Intel EM64T
SUSE Linux Enterprise 10 SP2 DEBUGINFO for IBM POWER
SUSE Linux Enterprise 10 SP2 DEBUGINFO for IBM zSeries 64bit
SUSE Linux Enterprise 10 SP2 DEBUGINFO for IPF
SUSE Linux Enterprise 10 SP2 DEBUGINFO for x86
  • open-iscsi-debuginfo >= 2.0.707-0.47
 sles10-sp2-sdk. ia64
sles10-sp2-sdk. s390x
sles10-sp2. s390x
sles10-sp2-debuginfo. x86-64
sles10-sp2-sdk. x86
sles10-sp2-debuginfo. s390x
sles10-sp2. x86-64
sles10-sp2-debuginfo. ppc
sles10-sp2. ia64
sles10-sp2. ppc
sles10-sp2-debuginfo. x86
sles10-sp2-sdk. x86-64
sles10-sp2-sdk. ppc
sles10-sp2-debuginfo. ia64
sles10-sp2. x86
ZYPP Patch Nr: 6455
SLE SDK 10 SP2 for IBM iSeries and IBM pSeries
SLE SDK 10 SP2 for IBM zSeries
SLE SDK 10 SP2 for IPF
SLE SDK 10 SP2 for X86-64
SLE SDK 10 SP2 for x86
SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T
SUSE Linux Enterprise Server 10 SP2 for IBM POWER
SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit
SUSE Linux Enterprise Server 10 SP2 for IPF
SUSE Linux Enterprise Server 10 SP2 for x86
  • open-iscsi >= 2.0.707-0.47
 sles10-sp2-sdk. ia64
sles10-sp2-sdk. s390x
sles10-sp2. s390x
sles10-sp2-debuginfo. x86-64
sles10-sp2-sdk. x86
sles10-sp2-debuginfo. s390x
sles10-sp2. x86-64
sles10-sp2-debuginfo. ppc
sles10-sp2. ia64
sles10-sp2. ppc
sles10-sp2-debuginfo. x86
sles10-sp2-sdk. x86-64
sles10-sp2-sdk. ppc
sles10-sp2-debuginfo. ia64
sles10-sp2. x86
ZYPP Patch Nr: 6455
SLES 11 DEBUGINFO
  • open-iscsi-debuginfo >= 2.0.870-26.6.1
  • open-iscsi-debugsource >= 2.0.870-26.6.1
 sle11-debuginfo. ppc
sle11-debuginfo. x86-64
sle11-debuginfo. x86
sle11-debuginfo. s390x
sle11-debuginfo. s390x
sle11-debuginfo. ia64
sle11-debuginfo. x86-64
sle11-debuginfo. x86
sle11-debuginfo. x86
sle11-debuginfo. x86-64
sle11-debuginfo. ia64
sle11-debuginfo. ppc
SAT Patch Nr: 1240
SLED 11
SLES 11
  • open-iscsi >= 2.0.870-26.6.1
 sle11-debuginfo. ppc
sle11-debuginfo. x86-64
sle11-debuginfo. x86
sle11-debuginfo. s390x
sle11-debuginfo. s390x
sle11-debuginfo. ia64
sle11-debuginfo. x86-64
sle11-debuginfo. x86
sle11-debuginfo. x86
sle11-debuginfo. x86-64
sle11-debuginfo. ia64
sle11-debuginfo. ppc
SAT Patch Nr: 1240

Novell® Making IT Work As One

© 2010 Novell