author: Moritz Muehlenhoff <jmm@debian.org> 2010-03-04 23:30:06 +0000
committer: Moritz Muehlenhoff <jmm@debian.org> 2010-03-04 23:30:06 +0000
commit: 8b89b4be7cf2cf2a85f2e5521046e5a53d6a90dc
tree: 0decae468ee0fa9b8f7e02de08dd13641f90fb2d /retired/CVE-2009-3889
parent: 24f2bb5a17a5d17d4346de3a08e222f5d7791003
retire issues
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@1759 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'retired/CVE-2009-3889')
-rw-r--r-- retired/CVE-2009-3889 18
1 files changed, 18 insertions, 0 deletions
diff --git a/retired/CVE-2009-3889 b/retired/CVE-2009-3889
new file mode 100644
index 00000000..cea67afa
--- /dev/null
+++ b/retired/CVE-2009-3889
@@ -0,0 +1,18 @@
+Candidate: CVE-2009-3889
+Description:
+ The dbg_lvl file for the megaraid_sas driver in the Linux kernel before
+ 2.6.27 has world-writable permissions, which allows local users to change
+ the (1) behavior and (2) logging level of the driver by modifying this file.
+References:
+ http://www.openwall.com/lists/oss-security/2009/11/13/1
+ https://bugzilla.redhat.com/show_bug.cgi?id=526068
+Notes:
+ poll_mode_io aspect of this issue got its own id, CVE-2009-3939
+Bugs:
+upstream: released (2.6.27) [66dca9b8]
+linux-2.6: released (2.6.27-1)
+2.6.18-etch-security: N/A (Vulnerable code not present)
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.9etch3) [bugfix/all/megaraid_sas-fix-sysfs-dbg_lvl-permissions.patch]
+2.6.26-lenny-security: released (2.6.26-21) [bugfix/all/megaraid_sas-fix-sysfs-dbg_lvl-permissions.patch]
+
+
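Review bot: The Notes line near the middle of the new file says the poll_mode_io aspect was split off as CVE-2009-3939, but the per-branch status lines below it only name the dbg_lvl permissions patch, so a reader cannot tell from this record whether the retired branches are also covered for poll_mode_io; a short pointer to where that is tracked would help. The Bugs: field is left empty while References lists a Red Hat Bugzilla entry, so it is worth confirming no Debian bug applies. The file also ends with two blank added lines that can be dropped.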
