The kernel packages are vulnerable to local privilege escalation. The RHBA-2008:0314 update introduced N_Port ID Virtualization (NPIV) support in the qla2xxx driver, which added two new sysfs pseudo files, "/sys/class/scsi_host/[a qla2xxx host]/vport_create" and "vport_delete". These two files were world-writable by default, allowing a local user to change SCSI host attributes. This flaw only affects systems using the qla2xxx driver and NPIV-capable hardware.
kbase.redhat.com/faq/docs/DOC-20536
lists.opensuse.org/opensuse-security-announce/2010-03/msg00007.html
support.avaya.com/css/P8/documents/100073666
www.openwall.com/lists/oss-security/2010/01/20/2
www.redhat.com/security/updates/classification/#important
access.redhat.com/errata/RHSA-2010:0046
access.redhat.com/security/cve/CVE-2009-3556
bugzilla.redhat.com/show_bug.cgi?id=537177
exchange.xforce.ibmcloud.com/vulnerabilities/55809
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6744
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9738
rhn.redhat.com/errata/RHSA-2010-0046.html
rhn.redhat.com/errata/RHSA-2010-0095.html
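
To check a host for the condition described above, the following added example (not part of the advisory or of any vendor tooling) lists any vport_create or vport_delete file under /sys/class/scsi_host that is writable by "other". The function name audit_vport_perms and the hostN directory glob are assumptions of this example, and it relies on GNU stat.

```shell
#!/bin/sh
# Added example: report world-writable NPIV vport control files.
# audit_vport_perms [DIR]
#   DIR defaults to /sys/class/scsi_host; a different directory can be
#   passed to run the check against a copied or constructed tree.
#   Prints one path per world-writable file.
#   Returns 1 if any such file was found, 0 otherwise.
audit_vport_perms() {
    root=${1:-/sys/class/scsi_host}
    found=0
    # Every SCSI host is inspected; hosts without NPIV support simply
    # do not expose these two files and are skipped.
    for f in "$root"/host*/vport_create "$root"/host*/vport_delete; do
        [ -e "$f" ] || continue              # unmatched glob or file absent
        mode=$(stat -L -c '%a' "$f") || continue
        # The last octal digit holds the permissions for "other";
        # the write bit (2) is set in 2, 3, 6 and 7.
        case ${mode#"${mode%?}"} in
            2|3|6|7)
                printf '%s\n' "$f"
                found=1
                ;;
        esac
    done
    return "$found"
}

# Check the live sysfs tree and flag a finding on stderr.
audit_vport_perms || echo "world-writable vport files found" >&2
```

A non-empty result means unprivileged local users can write to the listed files on that host.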