CVE-2009-1297

iscsi_discovery in open-iscsi in SUSE openSUSE 10.3 through 11.1 and SUSE Linux Enterprise (SLE) 10 SP2 and 11, and other operating systems, allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file that has a predictable name.

Published: Oct 23, 2009
Updated: Apr 13, 2023
CVE: CVE-2009-1297
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.4
AV:L/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-59

Affected Software
References

Software	From	Fixed in
novell / suse_linux	11	11.x
opensuse / opensuse	11.1	11.1.x
novell / suse_linux	10-sp2	10-sp2.x
opensuse / opensuse	10.3	10.3.x

http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html
http://www.mandriva.com/security/advisories?name=MDVSA-2013:109
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0241

Vulnerability Database

289,599

CVE-2009-1297