Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 20 Jan 2010 10:39:41 +0800
From: Eugene Teo <eugeneteo@...nel.sg>
To: oss-security@...ts.openwall.com
CC: "Steven M. Christey" <coley@...us.mitre.org>
Subject: CVE-2009-3556 kernel: qla2xxx NPIV vport management pseudofiles are
 world writable

As far as I know, this only affects Red Hat Enterprise Linux 5.

The RHBA-2008:0314 update introduced N_Port ID Virtualization (NPIV) 
support in the qla2xxx driver, resulting in two new sysfs pseudo files, 
"/sys/class/scsi_host/[a qla2xxx host]/vport_create" and "vport_delete". 
These two files were world-writable by default, allowing a local user to 
change SCSI host attributes. This flaw only affects systems using the 
qla2xxx driver and NPIV capable hardware.

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-3556

Thanks, Eugene

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ