Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:18998
HistoryJan 26, 2010 - 12:00 a.m.

Red Hat Linux Kernel qla2xxx驱动完全可写文件漏洞

2010-01-2600:00:00
Root
www.seebug.org
28

0.0004 Low

EPSS

Percentile

5.7%

JSON

BUGTRAQ ID: 37876
CVE ID: CVE-2009-3556

Linux Kernel是开放源码操作系统Linux所使用的内核。

对于使用qla2xxx驱动且支持NPIV硬件的Red Hat版本的Linux Kernel系统,驱动向SCSI主机属性中添加了两个新的sysfs伪文件:

w–w–w- root root /sys/class/scsi_host/host1/vport_create
w–w–w- root root /sys/class/scsi_host/host1/vport_delete
w–w–w- root root /sys/class/scsi_host/host2/vport_create
w–w–w- root root /sys/class/scsi_host/host2/vport_delete

这两个文件默认完全可写(S_IWUGO/0222),本地用户可以随意更改SCSI主机属性。

RedHat Linux 5.x
厂商补丁:

RedHat

RedHat已经为此发布了一个安全公告(RHSA-2010:0046-01)以及相应补丁:
RHSA-2010:0046-01:Important: kernel security and bug fix update
链接:https://www.redhat.com/support/errata/RHSA-2010-0046.html


                                                ls -l /sys/class/scsi_host/<a qla2xxx host>/vport_*
   ls -l /sys/class/scsi_host/<a qla2xxx host>/vport_id
   ls -l /sys/class/scsi_host/<a qla2xxx host>/vport_disable
   ls -l /sys/class/scsi_host/<a qla2xxx host>/symbolic_port_name

实际结果:

--w--w--w- root root  /sys/class/scsi_host/host1/vport_create
--w--w--w- root root  /sys/class/scsi_host/host1/vport_delete
--w--w--w- root root  /sys/class/scsi_host/host2/vport_create
--w--w--w- root root  /sys/class/scsi_host/host2/vport_delete

预期结果:

-rw-r--r-- root root  /sys/class/scsi_host/host1/vport_create
-rw-r--r-- root root  /sys/class/scsi_host/host1/vport_delete
-rw-r--r-- root root  /sys/class/scsi_host/host2/vport_create
-rw-r--r-- root root  /sys/class/scsi_host/host2/vport_delete

Related

prion 1
cve 1
seebug 1
veracode 1
ubuntucve 1
nessus 9
suse 2
openvas 7
redhat 2
centos 1
oraclelinux 2
vmware 2
prion
prion
Code injection
2010-01-27 17:30:00
cve
cve
CVE-2009-3556
2010-01-27 17:30:00
seebug
seebug
Red Hat Linux内核'qla2xxx'驱动安全绕过漏洞
2010-01-23 00:00:00
veracode
veracode
Privilege Escalation
2020-04-10 00:39:24
ubuntucve
ubuntucve
CVE-2009-3556
2010-01-27 00:00:00
nessus
nessus
SuSE 10 Security Update : Linux kernel (x86) (ZYPP Patch Number 6925)
2010-10-11 00:00:00
SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 6806)
2010-02-05 00:00:00
SuSE 10 Security Update : Linux kernel (x86_64) (ZYPP Patch Number 6929)
2012-05-17 00:00:00
suse
suse
kernel remote denial of service in kernel
2010-02-05 10:01:11
remote denial of service in kernel
2010-03-30 11:45:05
openvas
openvas
RedHat Update for kernel RHSA-2010:0046-01
2010-01-20 00:00:00
CentOS Update for kernel CESA-2010:0046 centos5 i386
2011-08-09 00:00:00
CentOS Update for kernel CESA-2010:0046 centos5 i386
2011-08-09 00:00:00
redhat
redhat
(RHSA-2010:0046) Important: kernel security and bug fix update
2010-01-19 00:00:00
(RHSA-2010:0095) Important: rhev-hypervisor security and bug fix update
2010-02-09 00:00:00
centos
centos
kernel security update
2010-01-20 18:10:39
oraclelinux
oraclelinux
kernel security and bug fix update
2010-01-20 00:00:00
Oracle Enterprise Linux 5.5 kernel security and bug fix update
2010-04-05 00:00:00
vmware
vmware
ESXi utilities and ESX Service Console third party updates
2010-05-27 00:00:00
ESXi utilities and ESX Service Console third party updates
2010-05-27 00:00:00

0.0004 Low

EPSS

Percentile

5.7%

JSON
Related for SSV:18998
prion1cve1seebug1veracode1ubuntucve1nessus9suse2openvas7redhat2centos1oraclelinux2vmware2