Local File Overwrite Vulnerability in open-iscsi for SUSE Linux Products
CVE-2009-1297

Currently unrated

Key Information:

Vendor: Novell
Status: Suse Linux; Opensuse
Vendor: CVE Published:; 23 October 2009

What is CVE-2009-1297?

The open-iscsi component in SUSE openSUSE and SUSE Linux Enterprise is susceptible to a local file overwrite vulnerability, enabling a local user to exploit a symlink attack on a poorly secured temporary file with a predictable name. This flaw can lead to overwriting arbitrary files, potentially compromising system integrity and data confidentiality. Users and administrators should apply appropriate security measures and updates to mitigate this risk.

References

http://www.mandriva.com/security/advisories?name=MDVSA-20...

vendor-advisoryx_refsource_MANDRIVA

https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-...

x_refsource_CONFIRM

http://lists.opensuse.org/opensuse-security-announce/2009...

vendor-advisoryx_refsource_SUSE

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 23, 2009
Vulnerability Reserved
Apr 15, 2009

Novell

What is CVE-2009-1297?

References

Timeline