A flaw was found in Linux, in targetcli-fb versions 2.1.50 and 2.1.51 where the socket used by targetclid was world-writable. If a system enables the targetclid socket, a local attacker can use this flaw to modify the iSCSI configuration and escalate their privileges to root.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10699 | Issue Tracking Patch Third Party Advisory |
https://github.com/open-iscsi/targetcli-fb/issues/162 | Third Party Advisory |
https://security.gentoo.org/glsa/202008-22 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2020-04-15T00:00:00
Updated: 2022-10-07T00:00:00
Reserved: 2020-03-20T00:00:00
Link: CVE-2020-10699
JSON object: View
NVD Information
Status : Modified
Published: 2020-04-15T14:15:19.873
Modified: 2023-11-07T03:14:14.607
Link: CVE-2020-10699
JSON object: View
Redhat Information
No data.
CWE