CVE-2009-3939 — HIGH (7.1) — White Hats Nepal

Q: How severe is CVE-2009-3939?

CVE-2009-3939 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2009-3939?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Redhat Virtualization, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Eus, Redhat Enterprise Linux Server.

Vulnerability Description

The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file.

CVSS Score

7.1

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	<= 2.6.31.6
Redhat	Virtualization	5
Redhat	Enterprise Linux Desktop	5.0
Redhat	Enterprise Linux Eus	5.4
Redhat	Enterprise Linux Server	5.0
Redhat	Enterprise Linux Workstation	5.0
Canonical	Ubuntu Linux	6.06
Debian	Debian Linux	5.0
Avaya	Aura Application Enablement Services	5.2
Avaya	Aura Communication Manager	5.2
Avaya	Aura Session Manager	1.1
Avaya	Aura Sip Enablement Services	5.2
Avaya	Aura System Manager	5.2
Avaya	Aura System Platform	1.1
Avaya	Voice Portal	5.0
Opensuse	Opensuse	11.0
Suse	Linux Enterprise Desktop	10
Suse	Linux Enterprise Server	10

Related Weaknesses (CWE)

CWE-732

References

http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.htmlMailing List
http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.htmlMailing List
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.htmlMailing List
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.htmlMailing List
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.htmlMailing List
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.htmlMailing List
http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00000.htmlMailing List
http://osvdb.org/60201Broken Link
http://secunia.com/advisories/37909Broken Link
http://secunia.com/advisories/38017Broken Link
http://secunia.com/advisories/38276Broken Link
http://secunia.com/advisories/38492Broken Link
http://secunia.com/advisories/38779Broken Link
http://support.avaya.com/css/P8/documents/100073666Third Party Advisory
http://www.debian.org/security/2010/dsa-1996Third Party Advisory

FAQ

What is CVE-2009-3939?

CVE-2009-3939 is a vulnerability with a CVSS score of 7.1 (HIGH). The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying th...

How severe is CVE-2009-3939?

CVE-2009-3939 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2009-3939?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Redhat Virtualization, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Eus, Redhat Enterprise Linux Server.