VAR-200208-0057
Vulnerability from variot - Updated: 2025-04-03 22:41
The Linux-iSCSI iSCSI implementation installs the iscsi.conf file with world-readable permissions on some operating systems, including Red Hat Linux Limbo Beta #1, which could allow local users to gain privileges by reading the cleartext CHAP password. iSCSI leaves administrative credentials stored in a world-readable configuration file. The configuration file that iSCSI uses is stored in /etc/iscsi.conf. Reportedly, this file is installed, by default, with world-readable and possibly world-writable permissions enabled. This may have serious consequences, as the configuration file also stores password information in plain text. iSCSI (Internet Small Computer System Interface) is a protocol that supports access to storage devices over a TCP/IP network, which facilitates storage consolidation and sharing of storage resources across organizations. The main authentication mechanism of iSCSI uses the CHAP protocol. There is a configuration problem in the Linux implementation of iSCSI, and local attackers can exploit this vulnerability to obtain authentication passwords and other sensitive information. For administrators, the practical consequence is that /etc/iscsi.conf should be readable and writable by root only, and any CHAP secret that was stored while the file was world-readable should be treated as exposed and changed.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200208-0057",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "iscsi driver",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "iscsi driver",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "linux"
},
{
"model": "iscsi linux",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.1.2.1"
}
],
"sources": [
{
"db": "BID",
"id": "5423"
},
{
"db": "CNNVD",
"id": "CNNVD-200208-021"
},
{
"db": "NVD",
"id": "CVE-2002-0849"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kurt Seifried\u203b kurt@seifried.org",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200208-021"
}
],
"trust": 0.6
},
"cve": "CVE-2002-0849",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2002-0849",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-5240",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2002-0849",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200208-021",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-5240",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5240"
},
{
"db": "CNNVD",
"id": "CNNVD-200208-021"
},
{
"db": "NVD",
"id": "CVE-2002-0849"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linux-iSCSI iSCSI implementation installs the iscsi.conf file with world-readable permissions on some operating systems, including Red Hat Linux Limbo Beta #1, which could allow local users to gain privileges by reading the cleartext CHAP password. iSCSI leaves administrative credentials stored in a world-readable configuration file. \nThe configuration file that iSCSI uses is stored in /etc/iscsi.conf. Reportedly, this file is installed, by default, with world readable and possibly world writeable permissions enabled. This may have some potentially serious consequences as the configuration file also stores password information in plain text. iSCSI (Small Computer System Interface) is a protocol that supports access to storage devices over a TCP/IP network, which facilitates storage consolidation and sharing of storage resources across organizations. The main authentication mechanism of iSCSI uses the CHAP protocol. There is a configuration problem in the Linux implementation of iSCSI, and local attackers can exploit this vulnerability to obtain sensitive information such as authentication passwords. and other sensitive information",
"sources": [
{
"db": "NVD",
"id": "CVE-2002-0849"
},
{
"db": "BID",
"id": "5423"
},
{
"db": "VULHUB",
"id": "VHN-5240"
}
],
"trust": 1.26
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2002-0849",
"trust": 2.0
},
{
"db": "BID",
"id": "5423",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-200208-021",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20020808 IDEFENSE SECURITY ADVISORY: ISCSI DEFAULT CONFIGURATION FILE SETTINGS",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20020808 RE: [VULNWATCH] IDEFENSE SECURITY ADVISORY: ISCSI DEFAULT CONFIGURATION FILE SETTINGS",
"trust": 0.6
},
{
"db": "XF",
"id": "9792",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-5240",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5240"
},
{
"db": "BID",
"id": "5423"
},
{
"db": "CNNVD",
"id": "CNNVD-200208-021"
},
{
"db": "NVD",
"id": "CVE-2002-0849"
}
]
},
"id": "VAR-200208-0057",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-5240"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-03T22:41:58.679000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-0849"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/5423"
},
{
"trust": 1.7,
"url": "http://www.iss.net/security_center/static/9792.php"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=102891036424424\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=102882056105806\u0026w=2"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=102891036424424\u0026w=2"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=102882056105806\u0026w=2"
},
{
"trust": 0.3,
"url": "http://lists.netsys.com/pipermail/full-disclosure/2002-august/000930.html"
},
{
"trust": 0.3,
"url": "http://sourceforge.net/projects/linux-iscsi"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=102891036424424\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=102882056105806\u0026amp;w=2"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5240"
},
{
"db": "BID",
"id": "5423"
},
{
"db": "CNNVD",
"id": "CNNVD-200208-021"
},
{
"db": "NVD",
"id": "CVE-2002-0849"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-5240"
},
{
"db": "BID",
"id": "5423"
},
{
"db": "CNNVD",
"id": "CNNVD-200208-021"
},
{
"db": "NVD",
"id": "CVE-2002-0849"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-08-12T00:00:00",
"db": "VULHUB",
"id": "VHN-5240"
},
{
"date": "2002-08-08T00:00:00",
"db": "BID",
"id": "5423"
},
{
"date": "2002-08-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200208-021"
},
{
"date": "2002-08-12T04:00:00",
"db": "NVD",
"id": "CVE-2002-0849"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-18T00:00:00",
"db": "VULHUB",
"id": "VHN-5240"
},
{
"date": "2009-07-11T14:56:00",
"db": "BID",
"id": "5423"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200208-021"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2002-0849"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "5423"
},
{
"db": "CNNVD",
"id": "CNNVD-200208-021"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "iSCSI Insecure Profile Permissions Local Information Disclosure Vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200208-021"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Configuration Error",
"sources": [
{
"db": "BID",
"id": "5423"
},
{
"db": "CNNVD",
"id": "CNNVD-200208-021"
}
],
"trust": 0.9
}
}