[CVE-2007-3099, CVE-2007-3100] local DoS vulnerabilities

Related Vulnerabilities: CVE-2007-3099   CVE-2007-3100  

Debian Bug report logs - #429225
Reported by: Florian Weimer <fw@deneb.enyo.de>

Date: Sat, 16 Jun 2007 11:15:02 UTC

Severity: normal

Tags: security

Fixed in versions open-iscsi/2.0.865-1, open-iscsi/2.0.730-1etch4

Done: "Thijs Kinkhorst" <thijs@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, Philipp Hug <debian@hug.cx>:
Bug#429225; Package open-iscsi.


Acknowledgement sent to Florian Weimer <fw@deneb.enyo.de>:
New Bug report received and forwarded. Copy sent to Philipp Hug <debian@hug.cx>.


Message #5 received at submit@bugs.debian.org:

From: Florian Weimer <fw@deneb.enyo.de>
To: submit@bugs.debian.org
Subject: [CVE-2007-3100] local DoS through insecure semaphore
Date: Sat, 16 Jun 2007 13:11:43 +0200

Package: open-iscsi
Tags: security

A minor DoS vulnerability has been discovered in open-iscsi:

| usr/log.c in iscsid in open-iscsi (iscsi-initiator-utils) before
| 2.0-865 uses a semaphore with insecure permissions
| (world-writable/world-readable) for managing log messages using shared
| memory, which allows local users to cause a denial of service (hang)
| by grabbing the semaphore.

<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3100>

I don't know if this is worth a security update for stable.

Please mention the name CVE-2007-3100 in the changelog when fixing
this bug.
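
An audit for the condition CVE-2007-3100 describes, as an added example that is not part of the original report or of open-iscsi: it parses a semaphore table in the layout of Linux's /proc/sysvipc/sem and reports sets whose mode grants access to "other". It assumes the semaphore is a System V one (the report does not say which kind); the function names and the sample rows are constructed for illustration.

```python
import stat

# Constructed sample in the layout of /proc/sysvipc/sem (perms column is octal).
SAMPLE = """\
       key      semid perms      nsems   uid   gid  cuid  cgid      otime      ctime
 123456789          0   666          1     0     0     0     0 1181992303 1181992200
  87654321      32769   600          1     0     0     0     0 1181992310 1181992205
         0      65538   644          3    33    33    33    33          0 1181992400
"""

def parse_sem_table(text):
    """Yield one dict per semaphore set from /proc/sysvipc/sem-style text."""
    lines = text.strip("\n").splitlines()
    header = lines[0].split()
    for line in lines[1:]:
        fields = line.split()
        if len(fields) != len(header):
            continue  # skip malformed or truncated rows
        row = dict(zip(header, fields))
        yield {
            "semid": int(row["semid"]),
            "perms": int(row["perms"], 8),  # the kernel prints the mode in octal
            "uid": int(row["uid"]),
        }

def world_accessible(entries):
    """Return sets whose mode grants read or alter ('w') access to 'other'."""
    flagged = []
    for e in entries:
        other = e["perms"] & (stat.S_IROTH | stat.S_IWOTH)
        if other:
            access = ("r" if other & stat.S_IROTH else "-") + \
                     ("w" if other & stat.S_IWOTH else "-")
            flagged.append((e["semid"], oct(e["perms"]), e["uid"], access))
    return flagged

def audit(path=None):
    """Audit the table at `path`, or the constructed sample when none is given."""
    if path is None:
        text = SAMPLE
    else:
        with open(path) as fh:
            text = fh.read()
    return world_accessible(parse_sem_table(text))

if __name__ == "__main__":
    for semid, mode, uid, access in audit():
        print(f"semid={semid} mode={mode} owner_uid={uid} other={access}")
```

On a live Linux host, `audit("/proc/sysvipc/sem")` runs the same check against the kernel's table.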



Information forwarded to debian-bugs-dist@lists.debian.org, Philipp Hug <debian@hug.cx>:
Bug#429225; Package open-iscsi.


Acknowledgement sent to Florian Weimer <fw@deneb.enyo.de>:
Extra info received and forwarded to list. Copy sent to Philipp Hug <debian@hug.cx>.


Message #10 received at 429225@bugs.debian.org:

From: Florian Weimer <fw@deneb.enyo.de>
To: 429225@bugs.debian.org, control@bugs.debian.org
Subject: Re: Bug#429225: Acknowledgement ([CVE-2007-3100] local DoS through insecure semaphore)
Date: Sat, 16 Jun 2007 13:24:14 +0200

retitle 429225 [CVE-2007-3099, CVE-2007-3100] local DoS vulnerabilities
thanks

Actually, there are two distinct vulnerabilities:

<http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=243719>

(The description of CVE-2007-3099 is incorrect re the remote attack
vector; I've already told MITRE about this in a separate message.)



Changed Bug title to `[CVE-2007-3099, CVE-2007-3100] local DoS vulnerabilities' from `[CVE-2007-3100] local DoS through insecure semaphore'. Request was from Florian Weimer <fw@deneb.enyo.de> to control@bugs.debian.org. (Sat, 16 Jun 2007 11:27:03 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#429225; Package open-iscsi.


Acknowledgement sent to Philipp Hug <debian@hug.cx>:
Extra info received and forwarded to list.


Message #17 received at 429225@bugs.debian.org:

From: Philipp Hug <debian@hug.cx>
To: Florian Weimer <fw@deneb.enyo.de>, 429225@bugs.debian.org
Subject: Re: Bug#429225: [CVE-2007-3100] local DoS through insecure semaphore
Date: Sat, 16 Jun 2007 13:34:48 +0200

I'll upload a new upstream version to unstable today with a fix for
CVE-2007-3100 included.
I also prepared a fix for etch.

greetings
philipp



Bug marked as fixed in version 2.0.865-1, send any further explanations to Florian Weimer <fw@deneb.enyo.de> Request was from "Thijs Kinkhorst" <thijs@debian.org> to control@bugs.debian.org. (Tue, 18 Mar 2008 12:42:10 GMT)


Bug marked as fixed in version 2.0.730-1etch4, send any further explanations to Florian Weimer <fw@deneb.enyo.de> Request was from "Thijs Kinkhorst" <thijs@debian.org> to control@bugs.debian.org. (Tue, 18 Mar 2008 12:42:11 GMT)


Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 16 Apr 2008 07:32:19 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 15:16:41 2019; Machine Name: buxtehude
