Definition
New Search
Red Hat Linux Kernel 'qla2xxx' DriverSecurity Bypass Vulnerability
oval:org.mitre.oval:def:6744
A certain Red Hat configuration step for the qla2xxx driver in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 when N_Port ID Virtualization (NPIV) hardware is used sets world-writable permissions for the (1) vport_create and (2) vport_delete files under /sys/class/scsi_host/ which allows local users to make arbitrary changes to SCSI host attributes by modifying these files.
Family:
unix
Status:
ACCEPTED
Platform(s):
- VMWare ESX Server 4.0
Class:
vulnerability
Reference(s):
- CVE-2009-3556
Product(s):