Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug
Bug#: 198209
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Pierre-Yves Rofes <py@gentoo.org>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 198209 depends on: Show dependency tree
Bug 198209 blocks:

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2007-11-05 20:51 0000 
Description:
A weakness has been discovered in iSCSI Enterprise Target, which can be
exploited by malicious, local users to disclose sensitive information.

The weakness is caused due to the install script applying world readable
permissions to the "/etc/ietd.conf" file, which can be exploited to e.g.
disclose user names and passwords.

The weakness is confirmed in version 0.4.15. Other versions may also be
affected.

Solution:
Apply correct file permissions to "/etc/ietd.conf".

Provided and/or discovered by:
Reported in a Debian bug by Martin Zobel-Helas.

Original Advisory:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=448873

------- Comment #1 From Pierre-Yves Rofes 2007-11-05 20:54:38 0000 ------- 
robbat2, please provide a fixed ebuild.

------- Comment #2 From Robin Johnson 2007-11-06 00:42:41 0000 ------- 
in cvs.

------- Comment #3 From Robert Buchholz 2007-11-06 01:14:19 0000 ------- 
Thanks for the fast fix.
Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug