CVE-2009-3556Incorrect Permission Assignment in Kernel

CWE-264CWE-732Incorrect Permission Assignment4 documents4 sources
Severity
1.9LOWNVD
EPSS
0.0%
top 92.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Linux KernelRedhat Enterprise Linux
Timeline
PublishedJan 27
Latest updateMay 2

Description

A certain Red Hat configuration step for the qla2xxx driver in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5, when N_Port ID Virtualization (NPIV) hardware is used, sets world-writable permissions for the (1) vport_create and (2) vport_delete files under /sys/class/scsi_host/, which allows local users to make arbitrary changes to SCSI host attributes by modifying these files.

CVSS vector

AV:L/AC:M/C:N/I:P/A:NExploitability: 3.4 | Impact: 2.9

Affected Packages1 packages

NVDlinux/linux_kernel2.6.18

Also affects: Enterprise Linux 5

🔴Vulnerability Details

1
GHSA
GHSA-3g2r-q9r9-rjh5: A certain Red Hat configuration step for the qla2xxx driver in the Linux kernel 22022-05-02

📋Vendor Advisories

1
Red Hat
kernel: qla2xxx NPIV vport management pseudofiles are world writable2010-01-19

💬Community

1
Bugzilla
CVE-2009-3556 kernel: qla2xxx NPIV vport management pseudofiles are world writable2009-11-12