Package : open-iscsi
Vulnerability : several
Problem-Type : local/remote
CVE ID : CVE-2007-3099 CVE-2007-3100
Several local and remote vulnerabilities have been discovered in
open-iscsi, a transport-independent iSCSI implementation. The Common
Vulnerabilities and Exposures project identifies the following problems:
Olaf Kirch discovered that due to a programming error access to the
management interface socket was insufficiently protected, which allows
denial of service.
Olaf Kirch discovered that access to a semaphore used in the logging
code was insufficiently protected, allowing denial of service.
The oldstable distribution (sarge) doesn't include open-iscsi.
For the stable distribution (etch) these problems have been fixed
in version 2.0.730-1etch1.
For the unstable distribution (sid) these problems have been fixed in
We recommend that you upgrade your open-iscsi packages.
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
will update the internal database
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch