iSCSI Enterprise Target IETD.CONF Local Information Disclosure Vulnerability
BID:26299
Info
iSCSI Enterprise Target IETD.CONF Local Information Disclosure Vulnerability
| Bugtraq ID: | 26299 |
| Class: | Design Error |
| CVE: |
CVE-2007-5827 |
| Remote: | No |
| Local: | Yes |
| Published: | Nov 02 2007 12:00AM |
| Updated: | Nov 15 2007 12:40AM |
| Credit: | Martin Zobel-Helas discovered this vulnerability. |
| Vulnerable: |
iSCSI Enterprise Target iSCSI Enterprise Target 0.4.15 Debian Linux 4.0 sparc Debian Linux 4.0 s/390 Debian Linux 4.0 powerpc Debian Linux 4.0 mipsel Debian Linux 4.0 mips Debian Linux 4.0 m68k Debian Linux 4.0 ia-64 Debian Linux 4.0 ia-32 Debian Linux 4.0 hppa Debian Linux 4.0 arm Debian Linux 4.0 amd64 Debian Linux 4.0 alpha |
| Not Vulnerable: | |
Discussion
iSCSI Enterprise Target IETD.CONF Local Information Disclosure Vulnerability
iSCSI Enterprise Target is prone to a local information-disclosure vulnerability because the software sets incorrect permissions on the '/etc/ietd.conf' file.
Attackers can exploit this issue to obtain usernames and passwords as well as information about the configuration of the affected application.
This issue affects iSCSI Enterprise Target 0.4.15; other versions may also be affected.
iSCSI Enterprise Target is prone to a local information-disclosure vulnerability because the software sets incorrect permissions on the '/etc/ietd.conf' file.
Attackers can exploit this issue to obtain usernames and passwords as well as information about the configuration of the affected application.
This issue affects iSCSI Enterprise Target 0.4.15; other versions may also be affected.
Exploit / POC
iSCSI Enterprise Target IETD.CONF Local Information Disclosure Vulnerability
Currently we are not aware of any working exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Currently we are not aware of any working exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution / Fix
iSCSI Enterprise Target IETD.CONF Local Information Disclosure Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
References
iSCSI Enterprise Target IETD.CONF Local Information Disclosure Vulnerability
References:
References:
- Debian Bug report logs - #448873 (Debian)
- iSCSI Enterprise Target Homepage (iSCSI Enterprise Target)