New Search

Red Hat Linux Kernel 'qla2xxx' DriverSecurity Bypass Vulnerability

oval:org.mitre.oval:def:6744

A certain Red Hat configuration step for the qla2xxx driver in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 when N_Port ID Virtualization (NPIV) hardware is used sets world-writable permissions for the (1) vport_create and (2) vport_delete files under /sys/class/scsi_host/ which allows local users to make arbitrary changes to SCSI host attributes by modifying these files.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • VMWare ESX Server 4.0
Class:
vulnerability
Reference(s):
  • CVE-2009-3556
Product(s):