Details of VAR-200208-0057

ID

VAR-200208-0057

CVE

CVE-2002-0849

TITLE

iSCSI Insecure Profile Permissions Local Information Disclosure Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200208-021

DESCRIPTION

Linux-iSCSI iSCSI implementation installs the iscsi.conf file with world-readable permissions on some operating systems, including Red Hat Linux Limbo Beta #1, which could allow local users to gain privileges by reading the cleartext CHAP password. iSCSI leaves administrative credentials stored in a world-readable configuration file. The configuration file that iSCSI uses is stored in /etc/iscsi.conf. Reportedly, this file is installed, by default, with world readable and possibly world writeable permissions enabled. This may have some potentially serious consequences as the configuration file also stores password information in plain text. iSCSI (Small Computer System Interface) is a protocol that supports access to storage devices over a TCP/IP network, which facilitates storage consolidation and sharing of storage resources across organizations. The main authentication mechanism of iSCSI uses the CHAP protocol. There is a configuration problem in the Linux implementation of iSCSI, and local attackers can exploit this vulnerability to obtain sensitive information such as authentication passwords. and other sensitive information

Trust: 1.26

sources: NVD: CVE-2002-0849 // BID: 5423 // VULHUB: VHN-5240

AFFECTED PRODUCTS

vendor:	cisco	model:	iscsi driver	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	iscsi driver	scope:	eq	version:	linux	Trust: 0.6
vendor:	cisco	model:	iscsi linux	scope:	eq	version:	2.1.2.1	Trust: 0.3

sources: BID: 5423 // CNNVD: CNNVD-200208-021 // NVD: CVE-2002-0849

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2002-0849
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200208-021
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-5240
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2002-0849
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-5240
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-5240 // CNNVD: CNNVD-200208-021 // NVD: CVE-2002-0849

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-0849

THREAT TYPE

local

Trust: 0.9

sources: BID: 5423 // CNNVD: CNNVD-200208-021

TYPE

Configuration Error

Trust: 0.9

sources: BID: 5423 // CNNVD: CNNVD-200208-021

EXTERNAL IDS

db:	NVD	id:	CVE-2002-0849	Trust: 2.0
db:	BID	id:	5423	Trust: 2.0
db:	CNNVD	id:	CNNVD-200208-021	Trust: 0.7
db:	BUGTRAQ	id:	20020808 IDEFENSE SECURITY ADVISORY: ISCSI DEFAULT CONFIGURATION FILE SETTINGS	Trust: 0.6
db:	BUGTRAQ	id:	20020808 RE: [VULNWATCH] IDEFENSE SECURITY ADVISORY: ISCSI DEFAULT CONFIGURATION FILE SETTINGS	Trust: 0.6
db:	XF	id:	9792	Trust: 0.6
db:	VULHUB	id:	VHN-5240	Trust: 0.1

sources: VULHUB: VHN-5240 // BID: 5423 // CNNVD: CNNVD-200208-021 // NVD: CVE-2002-0849

REFERENCES

url:	http://www.securityfocus.com/bid/5423	Trust: 1.7
url:	http://www.iss.net/security_center/static/9792.php	Trust: 1.7
url:	http://marc.info/?l=bugtraq&m=102882056105806&w=2	Trust: 1.0
url:	http://marc.info/?l=bugtraq&m=102891036424424&w=2	Trust: 1.0
url:	http://marc.theaimsgroup.com/?l=bugtraq&m=102891036424424&w=2	Trust: 0.6
url:	http://marc.theaimsgroup.com/?l=bugtraq&m=102882056105806&w=2	Trust: 0.6
url:	http://lists.netsys.com/pipermail/full-disclosure/2002-august/000930.html	Trust: 0.3
url:	http://sourceforge.net/projects/linux-iscsi	Trust: 0.3
url:	http://marc.info/?l=bugtraq&m=102891036424424&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=102882056105806&w=2	Trust: 0.1

sources: VULHUB: VHN-5240 // BID: 5423 // CNNVD: CNNVD-200208-021 // NVD: CVE-2002-0849

CREDITS

Kurt Seifried※ kurt@seifried.org

Trust: 0.6

sources: CNNVD: CNNVD-200208-021

SOURCES

db:	VULHUB	id:	VHN-5240
db:	BID	id:	5423
db:	CNNVD	id:	CNNVD-200208-021
db:	NVD	id:	CVE-2002-0849

LAST UPDATE DATE

2024-08-14T15:25:50.234000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-5240	date:	2016-10-18T00:00:00
db:	BID	id:	5423	date:	2009-07-11T14:56:00
db:	CNNVD	id:	CNNVD-200208-021	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2002-0849	date:	2016-10-18T02:22:37.217

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-5240	date:	2002-08-12T00:00:00
db:	BID	id:	5423	date:	2002-08-08T00:00:00
db:	CNNVD	id:	CNNVD-200208-021	date:	2002-08-12T00:00:00
db:	NVD	id:	CVE-2002-0849	date:	2002-08-12T04:00:00