198209 CVE-2007-5827 2007-11-05 20:51 0000 sys-block/iscsitarget < 0.4.15-r1 insecure file permission (CVE-2007-5827) 2007-11-06 04:30:59 0000 1 1 1 Unclassified Gentoo Security Vulnerabilities unspecified All Linux RESOLVED FIXED http://secunia.com/advisories/27483/ ~3 [noglsa] P2 trivial --- 1 py@gentoo.org security@gentoo.org robbat2@gentoo.org py@gentoo.org 2007-11-05 20:51:50 0000 Description: A weakness has been discovered in iSCSI Enterprise Target, which can be exploited by malicious, local users to disclose sensitive information. The weakness is caused due to the install script applying world readable permissions to the "/etc/ietd.conf" file, which can be exploited to e.g. disclose user names and passwords. The weakness is confirmed in version 0.4.15. Other versions may also be affected. Solution: Apply correct file permissions to "/etc/ietd.conf". Provided and/or discovered by: Reported in a Debian bug by Martin Zobel-Helas. Original Advisory: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=448873 py@gentoo.org 2007-11-05 20:54:38 0000 robbat2, please provide a fixed ebuild. robbat2@gentoo.org 2007-11-06 00:42:41 0000 in cvs. rbu@gentoo.org 2007-11-06 01:14:19 0000 Thanks for the fast fix.