CVE-2009-3556 kernel: qla2xxx NPIV vport management pseudofiles are world writable

[Eugene Teo <eugeneteo () kernel sg>]

As far as I know, this only affects Red Hat Enterprise Linux 5.

The RHBA-2008:0314 update introduced N_Port ID Virtualization (NPIV) 
support in the qla2xxx driver, resulting in two new sysfs pseudo files, 
"/sys/class/scsi_host/[a qla2xxx host]/vport_create" and "vport_delete". 
These two files were world-writable by default, allowing a local user to 
change SCSI host attributes. This flaw only affects systems using the 
qla2xxx driver and NPIV capable hardware.

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-3556

Thanks, Eugene