| Summary: | open-iscsi missing update for security issue CVE-2009-1297 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | |
| Severity: | normal | ||
| Priority: | Normal | CC: | davidwhodgins, stormi-mageia, sysadmin-bugs, tmb |
| Version: | 2 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | i586 | ||
| OS: | Linux | ||
| URL: | http://lwn.net/Vulnerabilities/464085/ | ||
| Whiteboard: | MGA1TOO feedback has_procedure mga2-64-OK MGA2-32-OK MGA1-64-OK MGA1-32-OK | ||
| Source RPM: | open-iscsi-2.0-871.4.mga1.src.rpm | CVE: | |
| Status comment: | |||
| Bug Depends on: | 5525 | ||
| Bug Blocks: | |||
|
Description
David Walser
2012-08-14 19:24:11 CEST
David Walser
2012-08-15 17:49:06 CEST
Whiteboard:
(none) =>
MGA1TOO Am I correct that this package requires a network accessible sans drive? CC:
(none) =>
davidwhodgins A network accessible SAN I think, and then a card for connecting to it. From talking to one of my co-workers it sounds like there might be specific cards for it, or it can be used over fiber channel with a fiber channel card. Maybe Thomas knows more about how this package is/can be used. CC:
(none) =>
tmb Thanks. I'll post a request for testers to the general discussion list. If we don't get any volunteers in a reasonable time, we'll have to validate after testing that it installs cleanly, as that's all we can test without the specific hardware. After more reading about iscsi, it looks like the package iscsitarget should be able to provide a target for open-iscsi to connect to. I'll see if I can get that working.
Samuel Verschelde
2012-08-17 09:47:04 CEST
CC:
(none) =>
stormi
Dave Hodgins
2012-08-17 23:48:00 CEST
Depends on:
(none) =>
5525 http://techthrob.com/2009/03/07/iscsi-101-setting-up-a-simple-iscsi-storage-area-network/ has a procedure, but testing this bug depends on getting iscsitarget working, which is currently blocked by bug 5525. Whiteboard:
MGA1TOO =>
MGA1TOO feedback i think we should probably move on with this now and just check it installs and updates without any issues. rpmdiff shows these files changed,so just checking the open-iscsi service can be started and they can be called.. S.5........ /sbin/iscsi-iname S.5........ /sbin/iscsi_discovery S.5........ /sbin/iscsiadm S.5........ /sbin/iscsid Before ------ # service open-iscsi start Starting open-iscsi (via systemctl): [ OK ] # iscsi_discovery 127.0.0.1 iscsiadm: No active sessions. iscsiadm: Cannot perform discovery. Initiatorname required. iscsiadm: Discovery process to 127.0.0.1:3260 failed to create a discovery session. iscsiadm: Could not perform SendTargets discovery. failed to discover targets at 127.0.0.1 # iscsi-iname iqn.2005-03.org.open-iscsi:2a1858afb8 # iscsiadm -m discovery 127.0.0.1:3260 via sendtargets After ----- # service open-iscsi restart Restarting open-iscsi (via systemctl): [ OK ] # iscsi_discovery 127.0.0.1 iscsiadm: No active sessions. iscsiadm: Cannot perform discovery. Initiatorname required. iscsiadm: Discovery process to 127.0.0.1:3260 failed to create a discovery session. iscsiadm: Could not perform SendTargets discovery. iscsiadm: no records found! iscsiadm: update requires name and value iscsiadm: no records found! Cannot login over tcp to portal iscsiadm: no records found! iscsiadm: no records found! iscsiadm: update requires name and value iscsiadm: no records found! Cannot login over tcp to portal iscsiadm: no records found! discovered 1 targets at 127.0.0.1 # iscsi-iname iqn.2005-03.org.open-iscsi:cf1f6945c47 # iscsiadm -m discovery 127.0.0.1:3260 via sendtargets So iscsi_discovery returns different data but does seem to do something and appears to show configuration errors, which is to be expected. Testing complete Mageia 2 x86_64 Whiteboard:
MGA1TOO feedback =>
MGA1TOO feedback has_procedure mga2-64-OK # systemctl status open-iscsi.service shows the service started ok and confirms the lack of configuration so the previous errors are indeed expected. iscsid[18690]: An InitiatorName= is required, but was not found in /etc/iscsi/initiatorname.iscsi Validating the update. Could someone from the sysadmin team push the srpm open-iscsi-2.0-871.4.1.mga2.src.rpm from Mageia 2 Core Updates Testing to Core Updates and the srpm open-iscsi-2.0-871.4.1.mga1.src.rpm freom Mageia 1 Core Updates Testing to Core Updates. Advisory: Updated open-iscsi package fixes security vulnerability: Colin Watson discovered that iscsi_discovery in Open-iSCSI did not safely create temporary files. A local attacker could exploit this to to overwrite arbitrary files with root privileges (CVE-2009-1297). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1297 http://www.ubuntu.com/usn/usn-1235-1/ https://bugs.mageia.org/show_bug.cgi?id=7057 Keywords:
(none) =>
validated_update Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0241 Status:
NEW =>
RESOLVED |