CVE-2009-3556 — Vulnetix

Try Vulnetix Request Demo

CVE-2009-3556 PUBLISHED CVSS 1.899999976158142 LOW

A certain Red Hat configuration step for the qla2xxx driver in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5, when N_Port ID Virtualization (NPIV) hardware is used, sets world-writable permissions for the (1) vport_create and (2) vport_delete files under /sys/class/scsi_host/, which allows local users to make arbitrary changes to SCSI host attributes by modifying these files.

EPSS 0.03% · 7.2th percentile

Risk Scores

CVSS v2.0

1.899999976158142

EPSS Score

0.03%

7.2th percentile

Affected Products

Vendor	Product	Versions
redhat	enterprise_linux	5
n/a	n/a	n/a
linux	linux_kernel	2.6.18

Timeline

Jan 27, 2010 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 19, 2023 EPSS Score

References

[oss-security] 20100120 CVE-2009-3556 kernel: qla2xxx NPIV vport management pseudofiles are world writable mailing-list
https://bugzilla.redhat.com/show_bug.cgi?id=537177 url
http://support.avaya.com/css/P8/documents/100073666 url
oval:org.mitre.oval:def:9738 vdb
kernel-qla2xxx-security-bypass(55809) vdb
SUSE-SA:2010:019 vendor-advisory
oval:org.mitre.oval:def:6744 vdb
RHSA-2010:0095 vendor-advisory
RHSA-2010:0046 vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2009-3556 advisory
https://access.redhat.com/errata/RHSA-2010:0046 url
https://access.redhat.com/security/cve/CVE-2009-3556 url

Open in Interactive Console →