Bug 294243 (CVE-2009-3939)

Summary:	Kernel: megaraid_sas: poll_mode_io permissions to permissive (CVE-2009-3939)
Product:	Gentoo Security	Reporter:	Alex Legler (RETIRED) <a3li>
Component:	Kernel	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	normal	CC:	kernel
Priority:	High
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	http://lkml.org/lkml/2009/12/2/481
Whiteboard:	[linux <2.6.33]
Package list:		Runtime testing required:	---

Description Alex Legler (RETIRED) archtester

2009-11-23 17:37:56 UTC

CVE-2009-3939 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3939):
  The poll_mode_io file for the megaraid_sas driver in the Linux kernel
  2.6.31.6 and earlier has world-writable permissions, which allows
  local users to change the I/O mode of the driver by modifying this
  file.

Comment 1 Bjoern Tropf (RETIRED) gentoo-dev

2009-12-07 09:16:53 UTC

@Kernel: Please fix this issue in the next release.
(This has not been fixed upstream yet; Severity: low)

Comment 2 Veemun 2010-01-05 17:14:38 UTC

any possibility of a workaround in the mean time? i.e. chmod 644? chmod 600?

Comment 3 Bjoern Tropf (RETIRED) gentoo-dev

2010-01-05 17:55:39 UTC

(In reply to comment #2)
> any possibility of a workaround in the mean time? i.e. chmod 644? chmod 600?

chmod 644 seems sufficient.
Upstream fixed the similar dbg_lvl vulnerability with 644 permissions:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=66dca9b8c50b5e59d3bea8b21cee5c6dae6c9c46

S_IRUGO|S_IWUSR => S_IRUSR|S_IRGRP|S_IROTH|S_IWUSR