[Bug 408915] Re: Temporary file vulnerability in iscsi_discovery
Jamie Strandboge
jamie at ubuntu.com
Fri Oct 14 18:41:26 UTC 2011
** Changed in: open-iscsi (Ubuntu Hardy)
Assignee: (unassigned) => Jamie Strandboge (jdstrand)
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to open-iscsi in Ubuntu.
https://bugs.launchpad.net/bugs/408915
Title:
Temporary file vulnerability in iscsi_discovery
Status in “open-iscsi” package in Ubuntu:
Fix Released
Status in “open-iscsi” source package in Hardy:
Fix Committed
Status in “open-iscsi” source package in Intrepid:
Invalid
Status in “open-iscsi” source package in Jaunty:
Won't Fix
Status in “open-iscsi” source package in Karmic:
Fix Released
Bug description:
Binary package hint: open-iscsi
The iscsi_discovery shell script, typically run as root, contains the
following code:
    df=/tmp/discovered.$$
    dbg "starting discovery to $ip"
    iscsiadm -m discovery --type sendtargets --portal ${ip}:${port} > ${df}
This is a standard security vulnerability and should be replaced by
use of mktemp.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/open-iscsi/+bug/408915/+subscriptions
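
The mktemp replacement the report asks for, as an added example that is not part of the bug report or the open-iscsi source. The function names are hypothetical, and run_discovery is a constructed stand-in for the iscsiadm call so the block runs offline; find_pid_tmpfiles is an added audit check for the same PID-based pattern in other scripts.

```shell
#!/bin/sh
# Added example: hardened form of the "df=/tmp/discovered.$$" pattern.
# All function names here are hypothetical, not from iscsi_discovery.

# Stand-in for "iscsiadm -m discovery ..."; the output line is constructed.
run_discovery() {
    printf '%s\n' "192.0.2.10:3260,1 iqn.2001-04.com.example:storage.disk1"
}

# mktemp picks an unpredictable name, creates the file exclusively (it
# fails rather than reuse an existing path), and sets owner-only mode 0600.
make_discovery_file() {
    mktemp "${TMPDIR:-/tmp}/discovered.XXXXXXXXXX"
}

# Audit helper: list lines of a script that build a /tmp path from the
# PID ($$). Prints "lineno:line"; exit status 0 means at least one match.
find_pid_tmpfiles() {
    grep -n -E '/tmp/[^[:space:]]*\$\$' "$1"
}

# The body is a subshell "( ... )" so the EXIT trap is scoped to this call
# and removes the temporary file even when a step fails.
discover() (
    df=$(make_discovery_file) || exit 1
    trap 'rm -f "$df"' EXIT
    run_discovery > "$df" || exit 1
    # Consume the file: count the discovered target lines.
    grep -c 'iqn\.' "$df"
)

discover   # prints 1 for the constructed sample above
```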