Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:12642
HistoryNov 16, 2009 - 12:00 a.m.

Linux Kernel megaraid_sas驱动不安全文件权限漏洞

2009-11-1600:00:00
Root
www.seebug.org
19

0.0004 Low

EPSS

Percentile

8.6%

JSON

BUGTRAQ ID: 37019
CVE ID: CVE-2009-3889

Linux Kernel是开放源码操作系统Linux所使用的内核。

Linux所使用的megaraid_sas驱动中sysfs系统文件暴露了一些驱动属性,其中一些属性是完全可写的,本地攻击者可以更改驱动的行为,如设置调试日志级别、中断I/O模式等。

Linux kernel 2.6.x
厂商补丁:

Linux

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=66dca9b8c50b5e59d3bea8b21cee5c6dae6c9c46


                                                1. ls -l /sys/bus/pci/drivers/megaraid_sas/dbg_lvl
2. ls -l /sys/bus/pci/drivers/megaraid_sas/poll_mode_io

Related

ubuntucve 1
prion 1
veracode 1
cve 1
redhat 4
openvas 13
oraclelinux 3
nessus 14
centos 2
suse 3
osv 1
debian 1
ubuntu 1
vmware 2
ubuntucve
ubuntucve
CVE-2009-3889
2009-11-16 00:00:00
prion
prion
Design/Logic Flaw
2009-11-16 19:30:00
veracode
veracode
Privilege Escalation
2020-04-10 00:39:25
cve
cve
CVE-2009-3889
2009-11-16 19:30:00
redhat
redhat
(RHSA-2009:1635) Important: kernel-rt security, bug fix, and enhancement update
2009-12-03 00:00:00
(RHSA-2010:0076) Important: kernel security and bug fix update
2010-02-02 00:00:00
(RHSA-2010:0046) Important: kernel security and bug fix update
2010-01-19 00:00:00
openvas
openvas
RedHat Security Advisory RHSA-2009:1635
2009-12-10 00:00:00
RedHat Security Advisory RHSA-2009:1635
2009-12-10 00:00:00
RedHat Update for kernel RHSA-2010:0076-01
2010-02-08 00:00:00
oraclelinux
oraclelinux
kernel security and bug fix update
2010-02-03 00:00:00
kernel security and bug fix update
2010-01-20 00:00:00
Oracle Enterprise Linux 5.5 kernel security and bug fix update
2010-04-05 00:00:00
nessus
nessus
RHEL 4 : kernel (RHSA-2010:0076)
2010-02-03 00:00:00
Scientific Linux Security Update : kernel on SL4.x i386/x86_64
2012-08-01 00:00:00
CentOS 4 : kernel (CESA-2010:0076)
2010-02-05 00:00:00
centos
centos
kernel security update
2010-02-04 12:33:45
kernel security update
2010-01-20 18:10:39
suse
suse
remote denial of service in kernel
2010-02-18 21:41:21
remote denial of service in kernel
2009-12-14 18:08:07
remote denial of service in kernel
2009-12-22 18:28:49
osv
osv
linux-2.6.24 - several vulnerabilities
2010-02-27 00:00:00
debian
debian
[SECURITY] [DSA 2004-1] New Linux 2.6.24 packages fix several vulnerabilities
2010-03-01 03:53:30
ubuntu
ubuntu
Linux kernel vulnerabilities
2009-12-05 00:00:00
vmware
vmware
ESXi utilities and ESX Service Console third party updates
2010-05-27 00:00:00
ESXi utilities and ESX Service Console third party updates
2010-05-27 00:00:00

0.0004 Low

EPSS

Percentile

8.6%

JSON
Related for SSV:12642
ubuntucve1prion1veracode1cve1redhat4openvas13oraclelinux3nessus14centos2suse3osv1debian1ubuntu1vmware2