The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:N/I:C/A:C
Vendors Products
Avaya
  • Aura Application Enablement Services
  • Aura Sip Enablement Services
  • Aura Communication Manager
  • Aura System Manager
  • Aura Session Manager
  • Aura System Platform
  • Voice Portal
Suse
  • Linux Enterprise Desktop
  • Linux Enterprise Server
Canonical
  • Ubuntu Linux
Redhat
  • Virtualization
  • Enterprise Linux Desktop
  • Enterprise Linux Workstation
  • Enterprise Linux Server
  • Enterprise Linux Eus
Debian
  • Debian Linux
Opensuse
  • Opensuse
Linux
  • Linux Kernel

Configuration 1 [-]

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:a:redhat:virtualization:5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:5.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*

Configuration 4 [-]

cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*

Configuration 5 [-]

OR cpe:2.3:a:avaya:aura_application_enablement_services:5.2:*:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_application_enablement_services:5.2.1:*:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_communication_manager:5.2:*:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_session_manager:1.1:*:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_session_manager:5.2:*:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_sip_enablement_services:5.2:*:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_system_manager:5.2:*:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_system_manager:6.0:*:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_system_platform:1.1:*:*:*:*:*:*:*
cpe:2.3:a:avaya:voice_portal:5.0:*:*:*:*:*:*:*

Configuration 6 [-]

OR cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:10:sp3:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:11:-:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*
References
Link Resource
http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html Mailing List
http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html Mailing List
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html Mailing List
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html Mailing List
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.html Mailing List
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html Mailing List
http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00000.html Mailing List
http://osvdb.org/60201 Broken Link
http://secunia.com/advisories/37909 Broken Link
http://secunia.com/advisories/38017 Broken Link
http://secunia.com/advisories/38276 Broken Link
http://secunia.com/advisories/38492 Broken Link
http://secunia.com/advisories/38779 Broken Link
http://support.avaya.com/css/P8/documents/100073666 Third Party Advisory
http://www.debian.org/security/2010/dsa-1996 Third Party Advisory
http://www.openwall.com/lists/oss-security/2009/11/13/1 Mailing List
http://www.securityfocus.com/bid/37019 Broken Link Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/usn-864-1 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=526068 Exploit Issue Tracking
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10310 Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7540 Broken Link
https://rhn.redhat.com/errata/RHSA-2010-0046.html Third Party Advisory
https://rhn.redhat.com/errata/RHSA-2010-0095.html Third Party Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2009-11-16T19:00:00

Updated: 2017-09-18T12:57:01

Reserved: 2009-11-16T00:00:00

Link: CVE-2009-3939

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2009-11-16T19:30:01.000

Modified: 2024-01-25T21:37:47.970

Link: CVE-2009-3939

JSON object: View

cve-icon Redhat Information

No data.

CWE