iSCSI Insecure Configuration File Permissions Information Disclosure Vulnerability

iSCSI Insecure Configuration File Permissions Information Disclosure Vulnerability

Solution:
It should be noted that the installation scripts for the linux-iscsi drivers available on the Cisco site or available through SourceForge are not prone to this issue. However, some Linux distributions may package installation scripts which set insecure default permissions.

This issue may be mitigated by ensuring that the 'iscsi.conf' file is writeable and readable only by administrative users.

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.