Bug 526068 (CVE-2009-3889, CVE-2009-3939)
Summary: | CVE-2009-3889 CVE-2009-3939 kernel: megaraid_sas permissions in sysfs
---|---
Product: | [Other] Security Response
Component: | vulnerability
Status: | CLOSED ERRATA
Severity: | medium
Priority: | medium
Version: | unspecified
Hardware: | All
OS: | Linux
Reporter: | Bryn M. Reeves <bmr>
Assignee: | Casey Dahlin <cdahlin>
CC: | arozansk, bhu, cdahlin, dfeng, dhoward, jolsa, jpirko, jskrabal, lgoncalv, lwang, mjc, tao, vanhoof, vgoyal, vmayatsk, williams
Keywords: | Security
Doc Type: | Bug Fix
Last Closed: | 2012-05-23 23:47:05 UTC
Bug Depends On: | 537309, 537310, 537311, 537312, 537313, 537314

Description
Bryn M. Reeves
2009-09-28 16:23:45 UTC
Created attachment 362913: Upstream patch for dbg_lvl permissions

dbg_lvl permission issue = CVE-2009-3889

poll_mode_io permission issue = CVE-2009-3939

This issue has been addressed in following products:

MRG for RHEL-5

Via RHSA-2009:1635 https://rhn.redhat.com/errata/RHSA-2009-1635.html

This issue has been addressed in following products:

Red Hat Enterprise Linux 5

Via RHSA-2010:0046 https://rhn.redhat.com/errata/RHSA-2010-0046.html

Both patches are present in the current RHEL6 git tree.

Picked up in Linus' tree a couple of weeks ago:

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=bb7d3f24c71e528989501617651b669fbed798cb

author Bryn M. Reeves <bmr> Thu, 12 Nov 2009 18:31:54 +0000 (18:31 +0000)

committer Linus Torvalds <torvalds> Wed, 13 Jan 2010 05:12:36 +0000 (21:12 -0800)

commit bb7d3f24c71e528989501617651b669fbed798cb

tree b94c2c2fcaaaf005cc7d9e78583df3131c437280

parent 90aeb7c01c2da631cb611871a50980cbb6ca7149

[SCSI] megaraid_sas: remove sysfs poll_mode_io world writeable permissions

/sys/bus/pci/drivers/megaraid_sas/poll_mode_io defaults to being world-writable, which seems bad (letting any user affect kernel driver behavior).

This turns off group and user write permissions, so that on typical production systems only root can write to it.

Signed-off-by: Bryn M. Reeves <bmr>

Signed-off-by: Linus Torvalds <torvalds>

This issue has been addressed in following products:

Red Hat Enterprise Linux 4

Via RHSA-2010:0076 https://rhn.redhat.com/errata/RHSA-2010-0076.html
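
A check for the permission issue tracked in this bug, added here as an example; it is not part of the bug record or the upstream patches. It reports the mode of the two driver attributes and flags any that group or other can write. The function name `audit_megaraid_sysfs` is hypothetical, `dbg_lvl` is assumed to sit in the same directory the commit message gives for `poll_mode_io`, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example: audit the megaraid_sas sysfs attributes named in this bug.
# Exit status is 0 when neither attribute is group- or other-writable.

audit_megaraid_sysfs() {
    # Default path is the one quoted in the commit message for poll_mode_io.
    dir=${1:-/sys/bus/pci/drivers/megaraid_sas}
    findings=0

    if [ ! -d "$dir" ]; then
        # Driver not loaded (or not built): nothing to audit on this host.
        echo "SKIP $dir (directory not present)"
        return 0
    fi

    # Assumption: dbg_lvl lives beside poll_mode_io in the driver directory.
    for attr in dbg_lvl poll_mode_io; do
        f="$dir/$attr"
        if [ ! -e "$f" ]; then
            echo "ABSENT $f"
            continue
        fi
        mode=$(stat -c '%a' "$f")      # octal permission bits (GNU stat)
        # 022 masks the group-write and other-write bits.
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "WRITABLE $f mode=$mode"
            findings=$((findings + 1))
        else
            echo "OK $f mode=$mode"
        fi
    done

    [ "$findings" -eq 0 ]
}

# Audit the live driver directory, or a directory given as the first argument.
audit_megaraid_sysfs "$@"
```

A `WRITABLE` line on a production host indicates a kernel without the errata listed above.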