Bug 198209 - sys-block/iscsitarget < 0.4.15-r1 insecure file permission (CVE-2007-5827)
Bug#: 198209 (CVE-2007-5827)
Product: Gentoo Security
Version: unspecified
Platform: All
OS/Version: Linux
Status: RESOLVED
Severity: trivial
Priority: P2
Resolution: FIXED
Assigned To: security@gentoo.org
Reported By: py@gentoo.org
Component: Vulnerabilities
URL: http://secunia.com/advisories/27483/
Status Whiteboard: ~3 [noglsa]
Opened: 2007-11-05 20:51 0000
Description:
A weakness has been discovered in iSCSI Enterprise Target, which can be
exploited by malicious, local users to disclose sensitive information.

The weakness is caused due to the install script applying world readable
permissions to the "/etc/ietd.conf" file, which can be exploited to e.g.
disclose user names and passwords.

The weakness is confirmed in version 0.4.15. Other versions may also be
affected.

Solution:
Apply correct file permissions to "/etc/ietd.conf".

Provided and/or discovered by:
Reported in a Debian bug by Martin Zobel-Helas.

Original Advisory:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=448873
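
One way to check for and correct the condition described in this report, as an added example that is not part of the original bug or the Gentoo ebuild. The function names are hypothetical, the demo runs on a constructed temporary file instead of "/etc/ietd.conf", and it clears only the "other" permission bits (whether group access is acceptable is left as a site decision).

```shell
#!/bin/sh
# Added example: audit a credential-bearing config file for world access.
# Function names are hypothetical; nothing here comes from the ebuild.

# Print the octal permission bits of $1 (GNU stat, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Return 0 if "other" has no access, 1 if it has any, 2 if not a regular file.
check_world_access() {
    [ -f "$1" ] || return 2
    mode=$(file_mode "$1") || return 2
    other=${mode#"${mode%?}"}      # last octal digit holds the "other" bits
    [ "$other" = 0 ]
}

# Print a one-word verdict for $1.
audit() {
    check_world_access "$1" && rc=0 || rc=$?
    case $rc in
        0) echo "OK" ;;
        1) echo "WORLD-ACCESSIBLE" ;;
        *) echo "MISSING" ;;
    esac
}

# Clear every "other" bit on $1 and report the mode change.
tighten() {
    before=$(file_mode "$1") || return 2
    chmod o-rwx "$1" || return 1
    printf '%s: %s -> %s\n' "$1" "$before" "$(file_mode "$1")"
}

# Demo on a constructed temporary file, not on the real /etc/ietd.conf.
demo() {
    f=$(mktemp) || return 1
    printf 'constructed-user constructed-password\n' > "$f"
    chmod 644 "$f"          # a world-readable mode, as in the report
    audit "$f"              # WORLD-ACCESSIBLE
    tighten "$f"            # 644 -> 640
    audit "$f"              # OK
    rm -f "$f"
}
demo
```

On a host with the package installed, call `audit /etc/ietd.conf` and, if it reports WORLD-ACCESSIBLE, `tighten /etc/ietd.conf` as root.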

------- Comment #1 From Pierre-Yves Rofes 2007-11-05 20:54:38 0000 -------
robbat2, please provide a fixed ebuild.

------- Comment #2 From Robin Johnson 2007-11-06 00:42:41 0000 -------
in cvs.

------- Comment #3 From Robert Buchholz 2007-11-06 01:14:19 0000 -------
Thanks for the fast fix.