CVE-2009-3939

EUVD-2009-3910
The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.1 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 13%
Affected Products (NVD)
VendorProductVersion
linuxlinux_kernel
𝑥
≤ 2.6.31.6
redhatenterprise_linux_desktop
5.0
redhatenterprise_linux_eus
5.4
redhatenterprise_linux_server
5.0
redhatenterprise_linux_workstation
5.0
canonicalubuntu_linux
6.06
canonicalubuntu_linux
8.04
canonicalubuntu_linux
8.10
canonicalubuntu_linux
9.04
canonicalubuntu_linux
9.10
debiandebian_linux
5.0
avayaaura_application_enablement_services
5.2
avayaaura_application_enablement_services
5.2.1
avayaaura_communication_manager
5.2
avayaaura_session_manager
1.1
avayaaura_session_manager
5.2
avayaaura_sip_enablement_services
5.2
avayaaura_system_manager
5.2
avayaaura_system_manager
6.0
avayaaura_system_platform
1.1
avayavoice_portal
5.0
opensuseopensuse
11.0
opensuseopensuse
11.1
opensuseopensuse
11.2
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
linux
dapper
dne
hardy
not-affected
intrepid
Fixed 2.6.27-16.44
released
jaunty
Fixed 2.6.28-17.58
released
karmic
Fixed 2.6.31-16.52
released
linux-source-2.6.15
dapper
not-affected
hardy
dne
intrepid
dne
jaunty
dne
karmic
dne
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00000.html
http://osvdb.org/60201
http://secunia.com/advisories/37909
http://secunia.com/advisories/38017
http://secunia.com/advisories/38276
http://secunia.com/advisories/38492
http://secunia.com/advisories/38779
http://support.avaya.com/css/P8/documents/100073666
http://www.debian.org/security/2010/dsa-1996
http://www.openwall.com/lists/oss-security/2009/11/13/1
http://www.securityfocus.com/bid/37019
http://www.ubuntu.com/usn/usn-864-1
https://bugzilla.redhat.com/show_bug.cgi?id=526068
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10310
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7540
https://rhn.redhat.com/errata/RHSA-2010-0046.html
https://rhn.redhat.com/errata/RHSA-2010-0095.html
http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00000.html
http://osvdb.org/60201
http://secunia.com/advisories/37909
http://secunia.com/advisories/38017
http://secunia.com/advisories/38276
http://secunia.com/advisories/38492
http://secunia.com/advisories/38779
http://support.avaya.com/css/P8/documents/100073666
http://www.debian.org/security/2010/dsa-1996
http://www.openwall.com/lists/oss-security/2009/11/13/1
http://www.securityfocus.com/bid/37019
http://www.ubuntu.com/usn/usn-864-1
https://bugzilla.redhat.com/show_bug.cgi?id=526068
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10310
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7540
https://rhn.redhat.com/errata/RHSA-2010-0046.html
https://rhn.redhat.com/errata/RHSA-2010-0095.html