---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: iscsi-initiator-utils security update
Advisory ID:       RHSA-2007:0497-01
Advisory URL:      https://access.redhat.com/errata/RHSA-2007:0497.html
Issue date:        2007-06-14
Updated on:        2007-06-14
Product:           Red Hat Enterprise Linux
Keywords:          open-iscsi
CVE Names:         CVE-2007-3099 CVE-2007-3100
---------------------------------------------------------------------

1. Summary:

Updated iscsi-initiator-utils packages that fix a security flaw in
open-iscsi are now available for Red Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, x86_64

3. Problem description:

The iscsi package provides the server daemon for the iSCSI protocol, as
well as the utility programs used to manage it. iSCSI is a protocol for
distributed disk access using SCSI commands sent over Internet Protocol
networks.

Olaf Kirch discovered two flaws in open-iscsi. A local attacker could use
these flaws to cause the server daemon to stop responding, leading to a
denial of service. (CVE-2007-3099, CVE-2007-3100).

All users of open-iscsi should upgrade to this updated package which
resolves these issues.

Note: This issue did not affect Red Hat Enterprise Linux 2.1, 3, or 4.

open-iscsi is available in Red Hat Enterprise Linux 5 as a Technology
Preview.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at

5. Bug IDs fixed (http://bugzilla.redhat.com/):

243719 - CVE-2007-3099 dos flaws in open-iscsi (CVE-2007-3100)

6. RPMs required:

Red Hat Enterprise Linux Desktop (v. 5 client):

SRPMS:
1641a3f2f9c7c06b923bd5ae7174aafc  iscsi-initiator-utils-6.2.0.742-0.6.el5.src.rpm

i386:
e8241658758493f0ed6b0deb515ff2d4  iscsi-initiator-utils-6.2.0.742-0.6.el5.i386.rpm
b6dae38ce85a004fb6b1c5316472296b  iscsi-initiator-utils-debuginfo-6.2.0.742-0.6.el5.i386.rpm

x86_64:
907981526cb8a26b6c2858fa18fb2b69  iscsi-initiator-utils-6.2.0.742-0.6.el5.x86_64.rpm
9f1158d5930b38af251ff3070bee2f4d  iscsi-initiator-utils-debuginfo-6.2.0.742-0.6.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

SRPMS:
1641a3f2f9c7c06b923bd5ae7174aafc  iscsi-initiator-utils-6.2.0.742-0.6.el5.src.rpm

i386:
e8241658758493f0ed6b0deb515ff2d4  iscsi-initiator-utils-6.2.0.742-0.6.el5.i386.rpm
b6dae38ce85a004fb6b1c5316472296b  iscsi-initiator-utils-debuginfo-6.2.0.742-0.6.el5.i386.rpm

ia64:
a579261aff181eba655d27527696ad76  iscsi-initiator-utils-6.2.0.742-0.6.el5.ia64.rpm
85e98cd7a8b8139f1dcb3602fc2bf0e3  iscsi-initiator-utils-debuginfo-6.2.0.742-0.6.el5.ia64.rpm

ppc:
87d4404ac8698baa64353da68164500c  iscsi-initiator-utils-6.2.0.742-0.6.el5.ppc.rpm
6b949fdac71d03cbf6c59446762c3653  iscsi-initiator-utils-debuginfo-6.2.0.742-0.6.el5.ppc.rpm

x86_64:
907981526cb8a26b6c2858fa18fb2b69  iscsi-initiator-utils-6.2.0.742-0.6.el5.x86_64.rpm
9f1158d5930b38af251ff3070bee2f4d  iscsi-initiator-utils-debuginfo-6.2.0.742-0.6.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key#package

7. References:

https://www.cve.org/CVERecord?id=CVE-2007-3099
https://www.cve.org/CVERecord?id=CVE-2007-3100
https://access.redhat.com/security/updates/classification#moderate

8. Contact:

The Red Hat security contact is. More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.