[kernel-sec-discuss] r1612 - active

Michael Gilbert gilbert-guest at alioth.debian.org
Wed Nov 18 21:55:17 UTC 2009


Author: gilbert-guest
Date: 2009-11-18 21:55:17 +0000 (Wed, 18 Nov 2009)
New Revision: 1612

Added:
   active/CVE-2009-3939
Modified:
   active/CVE-2009-3889
Log:
new id issued for second part of CVE-2009-3889

Modified: active/CVE-2009-3889
===================================================================
--- active/CVE-2009-3889	2009-11-17 22:00:44 UTC (rev 1611)
+++ active/CVE-2009-3889	2009-11-18 21:55:17 UTC (rev 1612)
@@ -1,13 +1,16 @@
 Candidate: CVE-2009-3889
 Description:
+ The dbg_lvl file for the megaraid_sas driver in the Linux kernel before 
+ 2.6.27 has world-writable permissions, which allows local users to change 
+ the (1) behavior and (2) logging level of the driver by modifying this file.
 References:
  http://www.openwall.com/lists/oss-security/2009/11/13/1
  https://bugzilla.redhat.com/show_bug.cgi?id=526068
 Notes:
- 66dca9b fixes part of it, rest isn't upstream yet
+ poll_mode_io aspect of this issue got its own id, CVE-2009-3939
 Bugs:
-upstream:
-linux-2.6:
+upstream: released (2.6.27) [66dca9b8]
+linux-2.6: released (2.6.27-1)
 2.6.18-etch-security:
 2.6.24-etch-security:
 2.6.26-lenny-security:
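Review bot: the three trailing context lines (2.6.18-etch-security, 2.6.24-etch-security, 2.6.26-lenny-security) are left without a status, although the description added above puts every kernel before 2.6.27 in the affected range, which covers all three branches. Now that upstream and linux-2.6 are marked released, record a status for these branches in the same entry so the blank fields are not read as "not affected". The short hash moved from the Notes line into "upstream: released (2.6.27) [66dca9b8]", which is fine, but a word in Notes saying that this commit covers only the dbg_lvl file would keep the split with CVE-2009-3939 unambiguous.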

Added: active/CVE-2009-3939
===================================================================
--- active/CVE-2009-3939	                        (rev 0)
+++ active/CVE-2009-3939	2009-11-18 21:55:17 UTC (rev 1612)
@@ -0,0 +1,15 @@
+Candidate: CVE-2009-3939
+Description:
+ The poll_mode_io file for the megaraid_sas driver in the Linux kernel 
+ 2.6.31.6 and earlier has world-writable permissions, which allows local 
+ users to change the I/O mode of the driver by modifying this file.
+References:
+ http://www.openwall.com/lists/oss-security/2009/11/13/1
+Notes:
+Bugs:
+upstream:
+2.6.31-upstream-stable:
+linux-2.6:
+2.6.18-etch-security:
+2.6.24-etch-security:
+2.6.26-lenny-security:
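Review bot: the "Notes:" field of the new entry is empty, while this same revision deletes "rest isn't upstream yet" from active/CVE-2009-3889, which appears to have been the only record that the poll_mode_io part has no upstream fix. Carry that statement over here together with a back-reference to CVE-2009-3889, so that the blank "upstream:" and "2.6.31-upstream-stable:" fields read as "no fix yet" rather than "not triaged". References lists only the oss-security post; if the Red Hat bug cited in CVE-2009-3889 also covers poll_mode_io, add it here as well.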



