Bug#962331: targetcli-fb: CVE-2020-13867

2020-06-07 Thread Salvatore Bonaccorso
Hi Ritesh,
Thanks for looking into it! Much appreciated!
In my understanding the fixes applied as per pull request 172[1] enforce that permissions are always set on the safe side, which is not yet present in the version shipped in Debian.
[1] https://github.com/open-iscsi/targetcli-fb/p

Bug#962331: targetcli-fb: CVE-2020-13867

2020-06-07 Thread Ritesh Raj Sarraf
Hello Salvatore,
I don't think we are affected by this problem. The versions of targetcli-fb in Debian are <= 2.1.49
I just checked the permissions on my test VM:
root@debian-iscsi-target:~# ls -lh /etc/ | grep target
drwxr-xr-x 3 root root 4.0K Jul 23 2019 rtslib-fb-target
drwx-- 2 root

Bug#962331: targetcli-fb: CVE-2020-13867

2020-06-06 Thread Salvatore Bonaccorso
Source: targetcli-fb
Version: 2.1.fb49-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/open-iscsi/targetcli-fb/pull/172
Hi,
The following vulnerability was published for targetcli-fb.
CVE-2020-13867[0]:
| Open-iSCSI targetcli-fb through 2.1.52 has weak permissions for