[Bug 408915] Re: Temporary file vulnerability in iscsi_discovery

Launchpad Bug Tracker 408915 at bugs.launchpad.net
Thu Oct 20 21:03:40 UTC 2011


This bug was fixed in the package open-iscsi - 2.0.865-1ubuntu3.5

---------------
open-iscsi (2.0.865-1ubuntu3.5) hardy-security; urgency=low

  * SECURITY UPDATE: temporary file vulnerability (LP: #408915)
    - utils/iscsi_discovery: use mktemp to store iscsiadm -m discovery result
      rather than writing it to an insecurely-created temporary file. Move
      cleanup sooner so we don't leave files around if nothing is discovered.
    - CVE-2009-1297
 -- Jamie Strandboge <jamie at ubuntu.com>   Thu, 20 Oct 2011 14:23:00 -0500

** Changed in: open-iscsi (Ubuntu Hardy)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to open-iscsi in Ubuntu.
https://bugs.launchpad.net/bugs/408915

Title:
  Temporary file vulnerability in iscsi_discovery

Status in “open-iscsi” package in Ubuntu:
  Fix Released
Status in “open-iscsi” source package in Hardy:
  Fix Released
Status in “open-iscsi” source package in Intrepid:
  Invalid
Status in “open-iscsi” source package in Jaunty:
  Won't Fix
Status in “open-iscsi” source package in Karmic:
  Fix Released

Bug description:
  Binary package hint: open-iscsi

  The iscsi_discovery shell script, typically run as root, contains the
  following code:

          df=/tmp/discovered.$$

          dbg "starting discovery to $ip"
          iscsiadm -m discovery --type sendtargets --portal ${ip}:${port} > ${df}

  This is a standard security vulnerability and should be replaced by
  use of mktemp.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/open-iscsi/+bug/408915/+subscriptions
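
The difference between the reported pattern and the mktemp fix, as an added example that is not part of the original report or the open-iscsi package. It assumes a stand-in `fake_discovery` function in place of `iscsiadm` with constructed output, hypothetical function names, and a private scratch directory in place of /tmp.

```shell
#!/bin/sh
# Stand-in for `iscsiadm -m discovery ...` so this runs offline (constructed output).
fake_discovery() {
    echo "192.0.2.10:3260,1 iqn.2001-04.com.example:storage.disk1"
}

# Pattern from the bug report: predictable name, plain redirect.
# $1 = temp directory (the original script used /tmp).
discover_predictable() {
    df="$1/discovered.$$"
    fake_discovery > "$df"      # follows a symlink already present at $df
    printf '%s\n' "$df"
}

# Pattern from the fix: mktemp picks an unpredictable name and creates the
# file exclusively, so an existing path is never reused.
discover_mktemp() {
    df=$(mktemp "$1/discovered.XXXXXX") || return 1
    fake_discovery > "$df"
    printf '%s\n' "$df"         # caller removes the file when done
}

# Regression check: returns 0 if function $1 leaves untouched a file that a
# pre-existing symlink at the predictable name points to.
survives_planted_link() {
    scratch=$(mktemp -d) || return 2
    echo "original" > "$scratch/sentinel"
    ln -s "$scratch/sentinel" "$scratch/discovered.$$"
    "$1" "$scratch" > /dev/null || { rm -rf "$scratch"; return 2; }
    content=$(cat "$scratch/sentinel")
    rm -rf "$scratch"
    [ "$content" = "original" ]
}

for fn in discover_predictable discover_mktemp; do
    if survives_planted_link "$fn"; then
        echo "$fn: sentinel intact"
    else
        echo "$fn: sentinel overwritten through the predictable name"
    fi
done
```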



