blob: 768035fa2d589cadb853d4722b7f7c76e45cb2a6 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
|
Candidate: CVE-2009-3939
Description:
The poll_mode_io file for the megaraid_sas driver in the Linux kernel
2.6.31.6 and earlier has world-writable permissions, which allows local
users to change the I/O mode of the driver by modifying this file.
References:
http://www.openwall.com/lists/oss-security/2009/11/13/1
Notes:
jmm> Introduced in ad84db2e2e1817bb8a29e7c9108eb66bf023d99f
jmm> Fixed in bb7d3f24c71e528989501617651b669fbed798cb
Bugs: #562975 (patch available)
upstream: released (2.6.32.5, 2.6.33-rc4)
2.6.32-upstream-stable: released (2.6.32.5) [94249e60370f0094831ba673881222252d799257)]
linux-2.6: released (2.6.32-6) [bugfix/all/stable/2.6.32.5.patch]
2.6.18-etch-security: N/A "introduced in 2.6.25 commit ad84db2e"
2.6.24-etch-security: N/A "introduced in 2.6.25 commit ad84db2e"
2.6.26-lenny-security: released (2.6.26-21lenny1) [bugfix/all/megaraid_sas-remove-sysfs-poll_mode_io-world-writeable-perms.patch]
2.6.32-squeeze-security: released (2.6.32-6) [bugfix/all/stable/2.6.32.5.patch]
|