CVE-2009-3939

Description

The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

High

Affected products

Avaya / aura_application_enablement_services5.2 – 5.2
Avaya / aura_application_enablement_services5.2.1 – 5.2.1
Avaya / aura_communication_manager5.2 – 5.2
Avaya / aura_session_manager5.2 – 5.2
Avaya / aura_session_manager1.1 – 1.1
Avaya / aura_sip_enablement_services5.2 – 5.2
Avaya / Aura System Manager5.2 – 5.2
Avaya / Aura System Manager6.0 – 6.0
Avaya / aura_system_platform1.1 – 1.1
Avaya / voice_portal5.0 – 5.0
Canonical / Ubuntu Linux9.10 – 9.10
Canonical / Ubuntu Linux6.06 – 6.06
Canonical / Ubuntu Linux8.04 – 8.04
Canonical / Ubuntu Linux9.04 – 9.04
Canonical / Ubuntu Linux8.10 – 8.10
Debian / debian_linux5.0 – 5.0
Linux / Linux kernel2.6.31.6
openSUSE / opensuse11.1 – 11.1
openSUSE / opensuse11.2 – 11.2
openSUSE / opensuse11.0 – 11.0
RedHat / enterprise_linux_desktop5.0 – 5.0
RedHat / enterprise_linux_eus5.4 – 5.4
RedHat / enterprise_linux_server5.0 – 5.0
RedHat / enterprise_linux_workstation5.0 – 5.0
RedHat / virtualization5 – 5
SUSE / linux_enterprise_desktop10 – 10
SUSE / linux_enterprise_desktop11 – 11
SUSE / linux_enterprise_server10 – 10
SUSE / linux_enterprise_server11 – 11

References

VENDOR_ADVISORYhttp://secunia.com/advisories/38276
MAILING_LISThttp://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html
VENDOR_ADVISORYhttp://www.ubuntu.com/usn/usn-864-1
MISChttps://bugzilla.redhat.com/show_bug.cgi?id=526068
MAILING_LISThttp://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html
VENDOR_ADVISORYhttp://secunia.com/advisories/38779
MISChttp://www.securityfocus.com/bid/37019
MISChttp://support.avaya.com/css/P8/documents/100073666
MAILING_LISThttp://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html
VENDOR_ADVISORYhttp://secunia.com/advisories/37909
MAILING_LISThttp://lists.opensuse.org/opensuse-security-announce/2010-03/msg00000.html
MAILING_LISThttp://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html
VENDOR_ADVISORYhttp://www.debian.org/security/2010/dsa-1996
MAILING_LISThttp://www.openwall.com/lists/oss-security/2009/11/13/1
MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10310
MISChttps://rhn.redhat.com/errata/RHSA-2010-0095.html
MAILING_LISThttp://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html
MISChttp://osvdb.org/60201
MISChttps://rhn.redhat.com/errata/RHSA-2010-0046.html
MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7540
MAILING_LISThttp://lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.html
VENDOR_ADVISORYhttp://secunia.com/advisories/38017
VENDOR_ADVISORYhttp://secunia.com/advisories/38492