7.1

CVE-2009-3939

Exploit
The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version <= 2.6.31.6
RedhatVirtualization Version5
RedhatEnterprise Linux Eus Version5.4
CanonicalUbuntu Linux Version6.06
CanonicalUbuntu Linux Version8.04 SwEdition-
CanonicalUbuntu Linux Version8.10
CanonicalUbuntu Linux Version9.04
CanonicalUbuntu Linux Version9.10
DebianDebian Linux Version5.0
AvayaAura Session Manager Version1.1
AvayaAura Session Manager Version5.2
AvayaAura System Manager Version5.2
AvayaAura System Manager Version6.0
AvayaAura System Platform Version1.1
AvayaVoice Portal Version5.0
OpensuseOpensuse Version11.0
OpensuseOpensuse Version11.1
OpensuseOpensuse Version11.2
SuseLinux Enterprise Desktop Version10 Updatesp3
SuseLinux Enterprise Desktop Version11 Update-
SuseLinux Enterprise Server Version10 Updatesp3
SuseLinux Enterprise Server Version11 Update-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.44% 0.352
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.1 1.8 5.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
nvd@nist.gov 6.6 3.9 9.2
AV:L/AC:L/Au:N/C:N/I:C/A:C
CWE-732 Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

http://support.avaya.com/css/P8/documents/100073666
Third Party Advisory
https://rhn.redhat.com/errata/RHSA-2010-0046.html
Third Party Advisory
https://rhn.redhat.com/errata/RHSA-2010-0095.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html
Mailing List
http://secunia.com/advisories/37909
Broken Link
http://www.ubuntu.com/usn/usn-864-1
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html
Mailing List
http://secunia.com/advisories/38017
Broken Link
http://www.openwall.com/lists/oss-security/2009/11/13/1
Mailing List
http://www.securityfocus.com/bid/37019
Third Party Advisory
Broken Link
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=526068
Exploit
Issue Tracking
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.html
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00000.html
Mailing List
http://osvdb.org/60201
Broken Link
http://secunia.com/advisories/38276
Broken Link
http://secunia.com/advisories/38492
Broken Link
http://secunia.com/advisories/38779
Broken Link
http://www.debian.org/security/2010/dsa-1996
Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10310
Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7540
Broken Link