CVE-2009-3556

CVSS v2.0 1.9 (Low)

EPSS 0.04 % (5^th)

Affected Products 2

Advisories 1

A certain Red Hat configuration step for the qla2xxx driver in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5, when N_Port ID Virtualization (NPIV) hardware is used, sets world-writable permissions for the (1) vport_create and (2) vport_delete files under /sys/class/scsi_host/, which allows local users to make arbitrary changes to SCSI host attributes by modifying these files.

Weaknesses

CWE-264: Permissions, Privileges, and Access Controls

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2010-01-27 17:30:00
(14 years ago)
Updated Date: 2023-02-13 02:20:28
(19 months ago)

Affected Products

Linux

Linux Kernel

Redhat

Enterprise Linux

Configuration #1

AND

		CPE23
OR
	Linux Kernel 2.6.18	cpe:2.3:o:linux:linux_kernel:2.6.18
OR
	Running on/with
	Redhat Enterprise Linux 5	cpe:2.3:o:redhat:enterprise_linux:5