CVE-2007-3099
open-iscsi
EPSS 0.23%
Description
usr/mgmt_ipc.c in iscsid in open-iscsi (iscsi-initiator-utils) before 2.0-865 checks the client's UID on the listening AF_LOCAL socket instead of the new connection, which allows remote attackers to access the management interface and cause a denial of service (iscsid exit or iSCSI connection loss).
How to fix CVE-2007-3099
To remediate CVE-2007-3099, upgrade the affected package to a fixed version below.
- Debian/open-iscsi—upgrade to 2.0.865-1 or later
- Debian/open-iscsi—upgrade to 2.0.730-1etch1 or later
Is CVE-2007-3099 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 2.0.865-1
- from 0, < 2.0.730-1etch1