PT-2007-1028 · Debian+1 · Open-Iscsi+1
Olaf Kirch · Published 2007-06-14 · Updated 2017-10-11
CVE-2007-3100
CVSS v2.0: 2.1 (Low)
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions:
open-iscsi versions prior to 2.0-865
Description:
The issue concerns multiple vulnerabilities in the open-iscsi package of the Debian GNU/Linux operating system. These vulnerabilities can be exploited by a local attacker, potentially leading to a denial of service that disrupts the availability of protected information. Specifically, the usr/log.c file in iscsid uses a semaphore with insecure permissions for managing log messages, allowing local users to cause a denial of service by grabbing the semaphore.
Recommendations:
For open-iscsi versions prior to 2.0-865, consider updating to version 2.0-865 or later to resolve the issue. As a temporary workaround, consider restricting access to the usr/log.c file in iscsid to prevent local users from exploiting the vulnerability. Additionally, restrict the use of the semaphore used for managing log messages to minimize the risk of a denial of service.
Affected Products
Red Hat
Open-Iscsi