CVE-2009-3889
6.2 Medium
AI Score
Confidence
High
6.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:N/I:C/A:C
0.0004 Low
EPSS
Percentile
9.3%
The dbg_lvl file for the megaraid_sas driver in the Linux kernel before 2.6.27 has world-writable permissions, which allows local users to change the (1) behavior and (2) logging level of the driver by modifying this file.
References
git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=66dca9b8c50b5e59d3bea8b21cee5c6dae6c9c46
lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html
lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html
lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html
osvdb.org/60202
secunia.com/advisories/37909
support.avaya.com/css/P8/documents/100073666
www.debian.org/security/2010/dsa-2005
www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27
www.openwall.com/lists/oss-security/2009/11/13/1
www.openwall.com/lists/oss-security/2009/11/13/4
www.securityfocus.com/bid/37019
www.ubuntu.com/usn/usn-864-1
bugzilla.redhat.com/show_bug.cgi?id=526068
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11018
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7163
rhn.redhat.com/errata/RHSA-2010-0046.html
rhn.redhat.com/errata/RHSA-2010-0095.html
Social References
More
Related
6.2 Medium
AI Score
Confidence
High
6.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:N/I:C/A:C
0.0004 Low
EPSS
Percentile
9.3%