Back to search
CVE-2009-3556
Published: Jan 27, 2010
Modified: Aug 7, 2024
PUBLISHED
Description
A certain Red Hat configuration step for the qla2xxx driver in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5, when N_Port ID Virtualization (NPIV) hardware is used, sets world-writable permissions for the (1) vport_create and (2) vport_delete files under /sys/class/scsi_host/, which allows local users to make arbitrary changes to SCSI host attributes by modifying these files.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
[oss-security] 20100120 CVE-2009-3556 kernel: qla2xxx NPIV vport management pseudofiles are world writable
mailing-list
x_refsource_MLIST
https://bugzilla.redhat.com/show_bug.cgi?id=537177
x_refsource_CONFIRM
http://support.avaya.com/css/P8/documents/100073666
x_refsource_CONFIRM
oval:org.mitre.oval:def:9738
vdb-entry
signature
x_refsource_OVAL
kernel-qla2xxx-security-bypass(55809)
vdb-entry
x_refsource_XF
SUSE-SA:2010:019
vendor-advisory
x_refsource_SUSE
oval:org.mitre.oval:def:6744
vdb-entry
signature
x_refsource_OVAL
RHSA-2010:0095
vendor-advisory
x_refsource_REDHAT
RHSA-2010:0046
vendor-advisory
x_refsource_REDHAT
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now