CVE-2009-3939

Published: 16/11/2009 Updated: 25/01/2024
CVSS v2 Base Score: 6.6 | Impact Score: 9.2 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.1 | Impact Score: 5.2 | Exploitability Score: 1.8
VMScore: 587
Vector: AV:L/AC:L/Au:N/C:N/I:C/A:C

Vulnerability Summary

The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and previous versions has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file.

Vulnerable Product

linux linux kernel

redhat enterprise linux server 5.0

redhat enterprise linux workstation 5.0

redhat enterprise linux desktop 5.0

redhat virtualization 5

redhat enterprise linux eus 5.4

canonical ubuntu linux 9.04

canonical ubuntu linux 8.10

canonical ubuntu linux 9.10

canonical ubuntu linux 8.04

canonical ubuntu linux 6.06

debian debian linux 5.0

avaya aura system manager 6.0

avaya aura system manager 5.2

avaya aura communication manager 5.2

avaya voice portal 5.0

avaya aura system platform 1.1

avaya aura session manager 1.1

avaya aura session manager 5.2

avaya aura sip enablement services 5.2

avaya aura application enablement services 5.2

avaya aura application enablement services 5.2.1

suse linux enterprise server 10

opensuse opensuse 11.1

opensuse opensuse 11.0

opensuse opensuse 11.2

suse linux enterprise server 11

suse linux enterprise desktop 11

suse linux enterprise desktop 10

Vendor Advisories

Synopsis: Important: kernel security and bug fix update. Type/Severity: Security Advisory: Important. Topic: Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Secu ...

Synopsis: Important: kernel security and bug fix update. Type/Severity: Security Advisory: Important. Topic: Updated kernel packages that fix multiple security issues and three bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Securi ...

It was discovered that the AX25 network subsystem did not correctly check integer signedness in certain setsockopt calls. A local attacker could exploit this to crash the system, leading to a denial of service. Ubuntu 9.10 was not affected. (CVE-2009-2909) ...