Local File Permission Vulnerability in Red Hat Linux Kernel for qla2xxx Driver
CVE-2009-3556

Currently unrated

Key Information:

Vendor: Linux
Status: Linux Kernel; Enterprise Linux
Vendor: CVE Published:; 27 January 2010

Summary

This vulnerability arises from a misconfiguration in the qla2xxx driver for the Linux kernel used in Red Hat Enterprise Linux 5. Specifically, it entails that during N_Port ID Virtualization (NPIV) hardware operations, the configuration allows certain files, namely vport_create and vport_delete, to have world-writable permissions. This flaw grants local users the capability to modify critical SCSI host attributes through unauthorized adjustments to these files, potentially leading to significant integrity and availability issues within the system.

References

http://www.openwall.com/lists/oss-security/2010/01/20/2

mailing-listx_refsource_MLIST

https://bugzilla.redhat.com/show_bug.cgi?id=537177

x_refsource_CONFIRM

http://support.avaya.com/css/P8/documents/100073666

x_refsource_CONFIRM

Timeline

Vulnerability published
Jan 27, 2010
Vulnerability Reserved
Oct 5, 2009