|Bugzilla:||526068: CVE-2009-3889 CVE-2009-3939 kernel: megaraid_sas permissions in sysfs|
The MITRE CVE dictionary describes this issue as:
The dbg_lvl file for the megaraid_sas driver in the Linux kernel before 2.6.27 has world-writable permissions, which allows local users to change the (1) behavior and (2) logging level of the driver by modifying this file.
This issue did not affect the version of the Linux kernel as shipped with Red Hat Enterprise Linux 3, as it does not implement the sysfs file system ("/sys/"), through which dbg_lvl file is exposed by the megaraid_sas driver.
Issue was addressed in Red Hat Enterprise Linux 4, 5 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2010-0076.html , https://rhn.redhat.com/errata/RHSA-2010-0046.html and https://rhn.redhat.com/errata/RHSA-2009-1635.html respectively.
CVSS v2 metrics
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Red Hat security errata
|MRG Grid for RHEL 5 Server (kernel-rt)||RHSA-2009:1635||December 03, 2009|
|Red Hat Enterprise Linux version 4 (kernel)||RHSA-2010:0076||February 02, 2010|
|Red Hat Enterprise Linux version 5 (kernel)||RHSA-2010:0046||January 19, 2010|
This page is generated automatically and has not been checked for errors or omissions.
For clarification or corrections please contact the Red Hat Security Response Team.