CVE-2009-3939

Published: Nov 16, 2009Modified: Apr 23, 2026

7.1

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Exploitability: 1.8 / Impact: 5.2

Source: NVD

Description

The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file.

Affected (29)

Products: Linux: Linux Kernel · Redhat: Enterprise Linux Desktop, Enterprise Linux Eus, Enterprise Linux Server, Enterprise Linux Workstation, Virtualization · Canonical: Ubuntu Linux · +4 more

Show all products

Linux

1 product

Linux Kernel

Redhat

5 products

Enterprise Linux Desktop

Enterprise Linux Eus

Enterprise Linux Server

Enterprise Linux Workstation

1 product

1 product

7 products

Aura Application Enablement Services

Aura Communication Manager

Aura Session Manager

Aura Sip Enablement Services

1 product

2 products

Linux Enterprise Desktop

Linux Enterprise Server

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	Up to 2.6.31.6

Configuration B

5 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Desktop	Version 5.0
Redhat Enterprise Linux Eus	Version 5.4
Redhat Enterprise Linux Server	Version 5.0
Redhat Enterprise Linux Workstation	Version 5.0
Redhat Virtualization	Version 5

Configuration C

5 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 6.06
Canonical Ubuntu Linux	Version 8.04
Canonical Ubuntu Linux	Version 8.10
Canonical Ubuntu Linux	Version 9.04
Canonical Ubuntu Linux	Version 9.10

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 5.0

Configuration E

10 vulnerable

Vulnerable Software	Affected Versions
Avaya Aura Application Enablement Services	Version 5.2.1
Avaya Aura Application Enablement Services	Version 5.2
Avaya Aura Communication Manager	Version 5.2
Avaya Aura Session Manager	Version 1.1
Avaya Aura Session Manager	Version 5.2
Avaya Aura Sip Enablement Services	Version 5.2
Avaya Aura System Manager	Version 5.2
Avaya Aura System Manager	Version 6.0
Avaya Aura System Platform	Version 1.1
Avaya Voice Portal	Version 5.0

Configuration F

7 vulnerable

Vulnerable Software	Affected Versions
Opensuse Opensuse	Version 11.0
Opensuse Opensuse	Version 11.1
Opensuse Opensuse	Version 11.2
Suse Linux Enterprise Desktop	Version 10 sp3
Suse Linux Enterprise Desktop	Version 11
Suse Linux Enterprise Server	Version 10 sp3
Suse Linux Enterprise Server	Version 11

Related CWEs

CWE-732

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (46)

http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html

Source: cve@mitre.org

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html

Source: cve@mitre.org

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html

Source: cve@mitre.org

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html

Source: cve@mitre.org

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.html

Source: cve@mitre.org

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html

Source: cve@mitre.org

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00000.html

Source: cve@mitre.org

Mailing List

http://osvdb.org/60201

Source: cve@mitre.org

Broken Link

http://secunia.com/advisories/37909

Source: cve@mitre.org

Broken Link

http://secunia.com/advisories/38017

Source: cve@mitre.org

Broken Link

http://secunia.com/advisories/38276

Source: cve@mitre.org

Broken Link

http://secunia.com/advisories/38492

Source: cve@mitre.org

Broken Link

http://secunia.com/advisories/38779

Source: cve@mitre.org

Broken Link

http://support.avaya.com/css/P8/documents/100073666

Source: cve@mitre.org

Third Party Advisory

http://www.debian.org/security/2010/dsa-1996

Source: cve@mitre.org

Third Party Advisory

http://www.openwall.com/lists/oss-security/2009/11/13/1

Source: cve@mitre.org

Mailing List

http://www.securityfocus.com/bid/37019

Source: cve@mitre.org

Broken LinkThird Party AdvisoryVDB Entry

http://www.ubuntu.com/usn/usn-864-1

Source: cve@mitre.org

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=526068

Source: cve@mitre.org

ExploitIssue Tracking

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10310

Source: cve@mitre.org

Broken Link

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7540

Source: cve@mitre.org

Broken Link

https://rhn.redhat.com/errata/RHSA-2010-0046.html

Source: cve@mitre.org

Third Party Advisory

https://rhn.redhat.com/errata/RHSA-2010-0095.html

Source: cve@mitre.org

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html