iscsi_discovery in open-iscsi in SUSE openSUSE 10.3 through 11.1 and SUSE Linux Enterprise (SLE) 10 SP2 and 11, and other operating systems, allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file that has a predictable name.
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Suse_linux | Novell | 11 | 11 |
Opensuse | Opensuse | 11.1 | 11.1 |
Suse_linux | Novell | 10 | 10 |
Opensuse | Opensuse | 10.3 | 10.3 |