CVE-2007-3100 - OpenCVE

usr/log.c in iscsid in open-iscsi (iscsi-initiator-utils) before 2.0-865 uses a semaphore with insecure permissions (world-writable/world-readable) for managing log messages using shared memory, which allows local users to cause a denial of service (hang) by grabbing the semaphore.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:L/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Redhat	Enterprise Linux Open Iscsi

Configuration 1 [-]

AND

OR	cpe:2.3:o:redhat:enterprise_linux:5.0::desktop:::::
	cpe:2.3:o:redhat:enterprise_linux:5.0::server:::::

cpe:2.3:a:redhat:open_iscsi:*:*:*:*:*:*:*:*

References

Link	Resource
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=243719
http://osvdb.org/37270
http://secunia.com/advisories/25679	Patch Vendor Advisory
http://secunia.com/advisories/25749
http://secunia.com/advisories/26438
http://secunia.com/advisories/26543
http://support.novell.com/techcenter/psdb/187174044e1dbe78726bcf840f7530ed.html
http://svn.berlios.de/viewcvs/open-iscsi?rev=858&view=rev
http://www.debian.org/security/2007/dsa-1314
http://www.novell.com/linux/security/advisories/2007_17_sr.html
http://www.redhat.com/support/errata/RHSA-2007-0497.html
http://www.securityfocus.com/bid/24471
http://www.securitytracker.com/id?1018246
https://exchange.xforce.ibmcloud.com/vulnerabilities/34943
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10653

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2007-06-14T19:00:00

Updated: 2017-10-10T00:57:01

Reserved: 2007-06-07T00:00:00

Link: CVE-2007-3100

JSON object: View

NVD Information

Status : Modified

Published: 2007-06-14T19:30:00.000

Modified: 2017-10-11T01:32:41.927

Link: CVE-2007-3100

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-06-14T00:00:00", "descriptions": [{"lang": "en", "value": "usr/log.c in iscsid in open-iscsi (iscsi-initiator-utils) before 2.0-865 uses a semaphore with insecure permissions (world-writable/world-readable) for managing log messages using shared memory, which allows local users to cause a denial of service (hang) by grabbing the semaphore."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-10T00:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=243719"}, {"name": "25679", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25679"}, {"name": "37270", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/37270"}, {"name": "24471", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/24471"}, {"name": "openiscsi-log-dos(34943)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34943"}, {"name": "1018246", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1018246"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.novell.com/techcenter/psdb/187174044e1dbe78726bcf840f7530ed.html"}, {"name": "26438", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26438"}, {"name": "SUSE-SR:2007:017", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://www.novell.com/linux/security/advisories/2007_17_sr.html"}, {"name": "26543", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26543"}, {"name": "25749", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25749"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://svn.berlios.de/viewcvs/open-iscsi?rev=858&view=rev"}, {"name": "oval:org.mitre.oval:def:10653", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10653"}, {"name": "DSA-1314", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2007/dsa-1314"}, {"name": "RHSA-2007:0497", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0497.html"}]}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2007-3100", "datePublished": "2007-06-14T19:00:00", "dateReserved": "2007-06-07T00:00:00", "dateUpdated": "2017-10-10T00:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:desktop:*:*:*:*:*", "matchCriteriaId": "FE524195-06F1-4504-9223-07596588CC70", "vulnerable": false}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:server:*:*:*:*:*", "matchCriteriaId": "40D71CBC-D365-4710-BAB5-8A1159F35E41", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:open_iscsi:*:*:*:*:*:*:*:*", "matchCriteriaId": "A92F5C2A-6D3A-48DB-9B7B-9438CD68881C", "versionEndIncluding": "2.0-864", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "usr/log.c in iscsid in open-iscsi (iscsi-initiator-utils) before 2.0-865 uses a semaphore with insecure permissions (world-writable/world-readable) for managing log messages using shared memory, which allows local users to cause a denial of service (hang) by grabbing the semaphore."}, {"lang": "es", "value": "usr/log.c en iscsid en open-iscsi (iscsi-initiator-utils) anterior a 2.0-865 utiliza un sem\u00e1foro con permisos no seguros (world-writable/world-readable) para gestionar los mensajes de log utilizando memoria compartida, lo cual permite a usuarios locales provocar denegaci\u00f3n de servicio (cuelgue) tomando el sem\u00e1foro."}], "id": "CVE-2007-3100", "lastModified": "2017-10-11T01:32:41.927", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-06-14T19:30:00.000", "references": [{"source": "secalert@redhat.com", "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=243719"}, {"source": "secalert@redhat.com", "url": "http://osvdb.org/37270"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/25679"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/25749"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/26438"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/26543"}, {"source": "secalert@redhat.com", "url": "http://support.novell.com/techcenter/psdb/187174044e1dbe78726bcf840f7530ed.html"}, {"source": "secalert@redhat.com", "url": "http://svn.berlios.de/viewcvs/open-iscsi?rev=858&view=rev"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2007/dsa-1314"}, {"source": "secalert@redhat.com", "url": "http://www.novell.com/linux/security/advisories/2007_17_sr.html"}, {"source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2007-0497.html"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/24471"}, {"source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id?1018246"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34943"}, {"source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10653"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}