CVE-2007-3099

Name of the Vulnerable Software and Affected Versions: open-iscsi versions prior to 2.0-865

Description: The issue concerns multiple vulnerabilities in the open-iscsi package of the Debian GNU/Linux operating system, which can lead to a disruption in the availability of protected information. A local attacker can exploit these vulnerabilities. Specifically, in the usr/mgmt ipc.c file of iscsid in open-iscsi (iscsi-initiator-utils) before version 2.0-865, the client's UID is checked on the listening AF LOCAL socket instead of the new connection. This allows remote attackers to access the management interface, potentially causing a denial of service, such as the exit of iscsid or the loss of an iSCSI connection.

Recommendations: For versions prior to 2.0-865, update to version 2.0-865 or later to resolve the issue. As a temporary workaround, consider restricting access to the management interface to minimize the risk of exploitation.