The iscsid SCSI management daemon has two denial of service vulnerabilities.
The first involves checking the client's uid on the listening socket
instead of the newly accepted connection, this allows anyone to
to perform management operations on the iSCSI initiator and crash
iscsid.
The second vulnerability involves the iscsid logging mechanism.
Logs are sent to a shared memory area and a child process feeds them
to syslog. The memory is protected by a semaphore wet to mode 0666,
allowing arbitrary access to the semaphore. Random users can
lock up the semaphore and iscsid will block and hang on the next
attempt to send a log message.
