Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2009-3889
Modified
More InfoOfficial Page
Source-secalert@redhat.com
View Known Exploited Vulnerability (KEV) details
Published At-16 Nov, 2009 | 19:30
Updated At-13 Feb, 2023 | 02:20

The dbg_lvl file for the megaraid_sas driver in the Linux kernel before 2.6.27 has world-writable permissions, which allows local users to change the (1) behavior and (2) logging level of the driver by modifying this file.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.06.6MEDIUM
AV:L/AC:L/Au:N/C:N/I:C/A:C
CPE Matches
Linux Kernel Organization, Inc
linux
>>linux_kernel>>Versions up to 2.6.26(inclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>2.6.0
cpe:2.3:o:linux:linux_kernel:2.6.0:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>2.6.1
cpe:2.3:o:linux:linux_kernel:2.6.1:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>2.6.2
cpe:2.3:o:linux:linux_kernel:2.6.2:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>2.6.10
cpe:2.3:o:linux:linux_kernel:2.6.10:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>2.6.11
cpe:2.3:o:linux:linux_kernel:2.6.11:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>2.6.11.1
cpe:2.3:o:linux:linux_kernel:2.6.11.1:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>2.6.11.2
cpe:2.3:o:linux:linux_kernel:2.6.11.2:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>2.6.11.3
cpe:2.3:o:linux:linux_kernel:2.6.11.3:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>2.6.11.4
cpe:2.3:o:linux:linux_kernel:2.6.11.4:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>2.6.11.5
cpe:2.3:o:linux:linux_kernel:2.6.11.5:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>2.6.11.6
cpe:2.3:o:linux:linux_kernel:2.6.11.6:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>2.6.11.7
cpe:2.3:o:linux:linux_kernel:2.6.11.7:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>2.6.11.8
cpe:2.3:o:linux:linux_kernel:2.6.11.8:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>2.6.11.9
cpe:2.3:o:linux:linux_kernel:2.6.11.9:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>2.6.11.10
cpe:2.3:o:linux:linux_kernel:2.6.11.10:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>2.6.11.11
cpe:2.3:o:linux:linux_kernel:2.6.11.11:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>2.6.11.12
cpe:2.3:o:linux:linux_kernel:2.6.11.12:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>2.6.12
cpe:2.3:o:linux:linux_kernel:2.6.12:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>2.6.12.1
cpe:2.3:o:linux:linux_kernel:2.6.12.1:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>2.6.12.2
cpe:2.3:o:linux:linux_kernel:2.6.12.2:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>2.6.12.3
cpe:2.3:o:linux:linux_kernel:2.6.12.3:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>2.6.12.4
cpe:2.3:o:linux:linux_kernel:2.6.12.4:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>2.6.12.5
cpe:2.3:o:linux:linux_kernel:2.6.12.5:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>2.6.12.6
cpe:2.3:o:linux:linux_kernel:2.6.12.6:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>2.6.13
cpe:2.3:o:linux:linux_kernel:2.6.13:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>2.6.13.1
cpe:2.3:o:linux:linux_kernel:2.6.13.1:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>2.6.13.2
cpe:2.3:o:linux:linux_kernel:2.6.13.2:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>2.6.13.3
cpe:2.3:o:linux:linux_kernel:2.6.13.3:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>2.6.13.4
cpe:2.3:o:linux:linux_kernel:2.6.13.4:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>2.6.13.5
cpe:2.3:o:linux:linux_kernel:2.6.13.5:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>2.6.14
cpe:2.3:o:linux:linux_kernel:2.6.14:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>2.6.14.1
cpe:2.3:o:linux:linux_kernel:2.6.14.1:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>2.6.14.2
cpe:2.3:o:linux:linux_kernel:2.6.14.2:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>2.6.14.3
cpe:2.3:o:linux:linux_kernel:2.6.14.3:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>2.6.14.4
cpe:2.3:o:linux:linux_kernel:2.6.14.4:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>2.6.14.5
cpe:2.3:o:linux:linux_kernel:2.6.14.5:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>2.6.14.6
cpe:2.3:o:linux:linux_kernel:2.6.14.6:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>2.6.14.7
cpe:2.3:o:linux:linux_kernel:2.6.14.7:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>2.6.15
cpe:2.3:o:linux:linux_kernel:2.6.15:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>2.6.15.1
cpe:2.3:o:linux:linux_kernel:2.6.15.1:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>2.6.15.2
cpe:2.3:o:linux:linux_kernel:2.6.15.2:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>2.6.15.3
cpe:2.3:o:linux:linux_kernel:2.6.15.3:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>2.6.15.4
cpe:2.3:o:linux:linux_kernel:2.6.15.4:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>2.6.15.5
cpe:2.3:o:linux:linux_kernel:2.6.15.5:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>2.6.15.6
cpe:2.3:o:linux:linux_kernel:2.6.15.6:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>2.6.15.7
cpe:2.3:o:linux:linux_kernel:2.6.15.7:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>2.6.16
cpe:2.3:o:linux:linux_kernel:2.6.16:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>2.6.16.1
cpe:2.3:o:linux:linux_kernel:2.6.16.1:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>2.6.16.2
cpe:2.3:o:linux:linux_kernel:2.6.16.2:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-264Primarynvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
Organization : Red Hat
Last Modified : 2010-02-04T00:00:00

This issue did not affect the version of the Linux kernel as shipped with Red Hat Enterprise Linux 3, as it does not implement the sysfs file system ("/sys/"), through which dbg_lvl file is exposed by the megaraid_sas driver. Issue was addressed in Red Hat Enterprise Linux 4, 5 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2010-0076.html , https://rhn.redhat.com/errata/RHSA-2010-0046.html and https://rhn.redhat.com/errata/RHSA-2009-1635.html respectively.

References
HyperlinkSourceResource
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=66dca9b8c50b5e59d3bea8b21cee5c6dae6c9c46secalert@redhat.com
N/A
http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.htmlsecalert@redhat.com
N/A
http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.htmlsecalert@redhat.com
N/A
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.htmlsecalert@redhat.com
N/A
http://osvdb.org/60202secalert@redhat.com
N/A
http://secunia.com/advisories/37909secalert@redhat.com
N/A
http://support.avaya.com/css/P8/documents/100073666secalert@redhat.com
N/A
http://www.debian.org/security/2010/dsa-2005secalert@redhat.com
N/A
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27secalert@redhat.com
Vendor Advisory
http://www.openwall.com/lists/oss-security/2009/11/13/1secalert@redhat.com
N/A
http://www.openwall.com/lists/oss-security/2009/11/13/4secalert@redhat.com
N/A
http://www.securityfocus.com/bid/37019secalert@redhat.com
N/A
http://www.ubuntu.com/usn/usn-864-1secalert@redhat.com
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=526068secalert@redhat.com
Exploit
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11018secalert@redhat.com
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7163secalert@redhat.com
N/A
https://rhn.redhat.com/errata/RHSA-2010-0046.htmlsecalert@redhat.com
N/A
https://rhn.redhat.com/errata/RHSA-2010-0095.htmlsecalert@redhat.com
N/A
Change History
0Changes found
Details not found