thr3ads.net - Secure testing team - [Secure-testing-team] Bug#448873: iscsitarget: ietd.conf public readable and contains passwords [Nov 2007]

If this information is useful, please help other people find it:
Share via:

Twitter
Facebook
Email

Martin Zobel-Helas

2007-Nov-02 17:25 UTC

[Secure-testing-team] Bug#448873: iscsitarget: ietd.conf public readable and contains passwords

Package: iscsitarget
Version: 0.4.15-4
Severity: serious
Tags: security
Justification: Policy 10.9

Hi,

/etc/ietd.conf will on most usual cases contain passwords, but is 644
per default after the installations. That needs to be fixed.

Greetings
Martin

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, ''stable'')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-5-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Secure testing team - Nov 2007 - Bug#448873: iscsitarget: ietd.conf public readable and contains passwords

[Secure-testing-team] Bug#448873: iscsitarget: ietd.conf public readable and contains passwords