Local File Permission Vulnerability in Red Hat Linux Kernel for qla2xxx Driver
CVE-2009-3556

Currently unrated

Key Information:

Vendor

Linux
Status
Linux Kernel
Enterprise Linux
Vendor
CVE Published:
27 January 2010

What is CVE-2009-3556?

This vulnerability arises from a misconfiguration in the qla2xxx driver for the Linux kernel used in Red Hat Enterprise Linux 5. Specifically, it entails that during N_Port ID Virtualization (NPIV) hardware operations, the configuration allows certain files, namely vport_create and vport_delete, to have world-writable permissions. This flaw grants local users the capability to modify critical SCSI host attributes through unauthorized adjustments to these files, potentially leading to significant integrity and availability issues within the system.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.openwall.com/lists/oss-security/2010/01/20/2
mailing-listx_refsource_MLIST
https://bugzilla.redhat.com/show_bug.cgi?id=537177
x_refsource_CONFIRM
http://support.avaya.com/css/P8/documents/100073666
x_refsource_CONFIRM

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.