USN-1235-1: Open-iSCSI vulnerability
20 October 2011
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 8.04 LTS
iscsi_discovery in open-iscsi could be made to overwrite files as the administrator.
- open-iscsi - Open Source iSCSI implementation
Colin Watson discovered that iscsi_discovery in Open-iSCSI did not safely create temporary files. A local attacker could exploit this to to overwrite arbitrary files with root privileges.
The problem can be corrected by updating your system to the following package versions:
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.