Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-0115

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2009-0115
Last Modified 21 Aug 2010 01:29:45
Published 30 Mar 2009 12:30:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2009-0115

Summary

The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka /var/run/multipathd.sock), which allows local users to send arbitrary commands to the multipath daemon.

Vulnerable Systems

Application

  • Christophe.varoqui Multipath-tools 0.4.8


References

FEDORA - FEDORA-2009-3453

FEDORA - FEDORA-2009-3449

VUPEN - ADV-2010-0528

DEBIAN - DSA-1767

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2009-128.htm

SECUNIA - 38794

SECUNIA - 34759

SECUNIA - 34710

SECUNIA - 34694

SECUNIA - 34642

SECUNIA - 34418

MLIST - [security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates

SUSE - SUSE-SR:2009:008

SUSE - SUSE-SR:2009:007

MISC - http://launchpad.net/bugs/cve/2009-0115

CONFIRM - http://download.opensuse.org/update/10.3-test/repodata/patch-kpartx-6082.xml


Last Updated: 27 May 2016 10:50:07