New Search

A certain Red Hat configuration step for the qla2xxx driver in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 when N_Port ID Virtualization (NPIV) hardware is used sets world-writable permissions for the (1) vport_create and (2) vport_delete files under /sys/class/scsi_host/ which allows local users to make arbitrary changes to SCSI host attributes by modifying these files.

oval:org.mitre.oval:def:9738

A certain Red Hat configuration step for the qla2xxx driver in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 when N_Port ID Virtualization (NPIV) hardware is used sets world-writable permissions for the (1) vport_create and (2) vport_delete files under /sys/class/scsi_host/ which allows local users to make arbitrary changes to SCSI host attributes by modifying these files.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • Red Hat Enterprise Linux 5
  • CentOS Linux 5
  • Oracle Linux 5
Class:
vulnerability
Reference(s):
  • CVE-2009-3556
Product(s):