Vulnerability Description
iscsi_discovery in open-iscsi in SUSE openSUSE 10.3 through 11.1 and SUSE Linux Enterprise (SLE) 10 SP2 and 11, and other operating systems, allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file that has a predictable name.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Novell | Suse Linux | 10 |
| Opensuse | Opensuse | 10.3 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.htmlVendor Advisory
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:109
- https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0241
- http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.htmlVendor Advisory
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:109
- https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0241
FAQ
What is CVE-2009-1297?
CVE-2009-1297 is a vulnerability with a CVSS score of 4.4 (MEDIUM). iscsi_discovery in open-iscsi in SUSE openSUSE 10.3 through 11.1 and SUSE Linux Enterprise (SLE) 10 SP2 and 11, and other operating systems, allows local users to overwrite arbitrary files via a symli...
How severe is CVE-2009-1297?
CVE-2009-1297 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-1297?
Check the references section above for vendor advisories and patch information. Affected products include: Novell Suse Linux, Opensuse Opensuse.