CVE-2009-3556

CVE-2009-3556 · LOW Severity

AV:L/AC:M/AU:N/C:N/I:P/A:N

A certain Red Hat configuration step for the qla2xxx driver in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5, when N_Port ID Virtualization (NPIV) hardware is used, sets world-writable permissions for the (1) vport_create and (2) vport_delete files under /sys/class/scsi_host/, which allows local users to make arbitrary changes to SCSI host attributes by modifying these files.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.