'[oss-security] CVE-2009-3556 kernel: qla2xxx NPIV vport management pseudofiles are'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] CVE-2009-3556 kernel: qla2xxx NPIV vport management pseudofiles are
From:       Eugene Teo <eugeneteo () kernel ! sg>
Date:       2010-01-20 2:39:41
Message-ID: 4B566CED.8030409 () kernel ! sg
[Download RAW message or body]

As far as I know, this only affects Red Hat Enterprise Linux 5.

The RHBA-2008:0314 update introduced N_Port ID Virtualization (NPIV) 
support in the qla2xxx driver, resulting in two new sysfs pseudo files, 
"/sys/class/scsi_host/[a qla2xxx host]/vport_create" and "vport_delete". 
These two files were world-writable by default, allowing a local user to 
change SCSI host attributes. This flaw only affects systems using the 
qla2xxx driver and NPIV capable hardware.

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-3556

Thanks, Eugene
[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic