First published: Thu Nov 12 2009(Updated: )
A certain Red Hat configuration step for the qla2xxx driver in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5, when N_Port ID Virtualization (NPIV) hardware is used, sets world-writable permissions for the (1) vport_create and (2) vport_delete files under /sys/class/scsi_host/, which allows local users to make arbitrary changes to SCSI host attributes by modifying these files.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Linux Linux kernel | =2.6.18 | |
Redhat Enterprise Linux | =5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.