diff options
author | Moritz Muehlenhoff <jmm@debian.org> | 2010-03-04 23:30:06 +0000 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2010-03-04 23:30:06 +0000 |
commit | 8b89b4be7cf2cf2a85f2e5521046e5a53d6a90dc (patch) | |
tree | 0decae468ee0fa9b8f7e02de08dd13641f90fb2d /retired/CVE-2009-3889 | |
parent | 24f2bb5a17a5d17d4346de3a08e222f5d7791003 (diff) |
retire issues
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@1759 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'retired/CVE-2009-3889')
-rw-r--r-- | retired/CVE-2009-3889 | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/retired/CVE-2009-3889 b/retired/CVE-2009-3889 new file mode 100644 index 00000000..cea67afa --- /dev/null +++ b/retired/CVE-2009-3889 @@ -0,0 +1,18 @@ +Candidate: CVE-2009-3889 +Description: + The dbg_lvl file for the megaraid_sas driver in the Linux kernel before + 2.6.27 has world-writable permissions, which allows local users to change + the (1) behavior and (2) logging level of the driver by modifying this file. +References: + http://www.openwall.com/lists/oss-security/2009/11/13/1 + https://bugzilla.redhat.com/show_bug.cgi?id=526068 +Notes: + poll_mode_io aspect of this issue got its own id, CVE-2009-3939 +Bugs: +upstream: released (2.6.27) [66dca9b8] +linux-2.6: released (2.6.27-1) +2.6.18-etch-security: N/A (Vulnerable code not present) +2.6.24-etch-security: released (2.6.24-6~etchnhalf.9etch3) [bugfix/all/megaraid_sas-fix-sysfs-dbg_lvl-permissions.patch] +2.6.26-lenny-security: released (2.6.26-21) [bugfix/all/megaraid_sas-fix-sysfs-dbg_lvl-permissions.patch] + + |