[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] CVE-2009-3556 kernel: qla2xxx NPIV vport management pseudofiles are
From: Eugene Teo <eugeneteo () kernel ! sg>
Date: 2010-01-20 2:39:41
Message-ID: 4B566CED.8030409 () kernel ! sg
[Download RAW message or body]
As far as I know, this only affects Red Hat Enterprise Linux 5.
The RHBA-2008:0314 update introduced N_Port ID Virtualization (NPIV)
support in the qla2xxx driver, resulting in two new sysfs pseudo files,
"/sys/class/scsi_host/[a qla2xxx host]/vport_create" and "vport_delete".
These two files were world-writable by default, allowing a local user to
change SCSI host attributes. This flaw only affects systems using the
qla2xxx driver and NPIV capable hardware.
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-3556
Thanks, Eugene
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic