CVE-2009-1297

Description

iscsi_discovery in open-iscsi in SUSE openSUSE 10.3 through 11.1 and SUSE Linux Enterprise (SLE) 10 SP2 and 11, and other operating systems, allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file that has a predictable name.

How to fix CVE-2009-1297

To remediate CVE-2009-1297, upgrade the affected package to a fixed version below.

• Debian/open-iscsi—upgrade to 2.0.871-1 or later

Is CVE-2009-1297 being exploited?

Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 2.0.871-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2009-1297