The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka /var/run/multipathd.sock), which allows local users to send arbitrary commands to the multipath daemon.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
|
History
16 Feb 2024, 20:28
Type | Values Removed | Values Added |
---|---|---|
First Time |
Avaya
Suse linux Enterprise Desktop Avaya messaging Storage Server Juniper Fedoraproject fedora Avaya message Networking Opensuse Fedoraproject Suse Opensuse opensuse Debian Juniper ctpview Novell Suse linux Enterprise Server Debian debian Linux Avaya intuity Audix Lx Novell open Enterprise Server |
|
CVSS |
v2 : v3 : |
v2 : 7.2
v3 : 7.8 |
CPE | cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:* cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:* cpe:2.3:a:avaya:messaging_storage_server:5.0:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:* cpe:2.3:a:avaya:message_networking:3.1:*:*:*:*:*:*:* cpe:2.3:o:suse:linux_enterprise_desktop:9:*:*:*:*:*:*:* cpe:2.3:o:opensuse:opensuse:*:*:*:*:*:*:*:* cpe:2.3:a:juniper:ctpview:7.1:-:*:*:*:*:*:* cpe:2.3:o:suse:linux_enterprise_server:10:-:*:*:*:*:*:* cpe:2.3:o:novell:open_enterprise_server:-:*:*:*:*:*:*:* cpe:2.3:a:avaya:messaging_storage_server:3.0:*:*:*:*:*:*:* cpe:2.3:a:avaya:intuity_audix_lx:2.0:sp1:*:*:*:*:*:* cpe:2.3:a:avaya:intuity_audix_lx:2.0:-:*:*:*:*:*:* cpe:2.3:a:avaya:messaging_storage_server:4.0:*:*:*:*:*:*:* cpe:2.3:a:juniper:ctpview:*:*:*:*:*:*:*:* cpe:2.3:a:avaya:intuity_audix_lx:2.0:sp2:*:*:*:*:*:* |
|
CWE | CWE-732 | |
References | () http://download.opensuse.org/update/10.3-test/repodata/patch-kpartx-6082.xml - Broken Link, Exploit | |
References | () http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691 - Third Party Advisory | |
References | () http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 - Third Party Advisory | |
References | () http://launchpad.net/bugs/cve/2009-0115 - Third Party Advisory | |
References | () http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html - Mailing List | |
References | () http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html - Mailing List | |
References | () http://lists.vmware.com/pipermail/security-announce/2010/000082.html - Broken Link | |
References | () http://secunia.com/advisories/34418 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/34642 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/34694 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/34710 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/34759 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/38794 - Broken Link, Vendor Advisory | |
References | () http://support.avaya.com/elmodocs2/security/ASA-2009-128.htm - Third Party Advisory | |
References | () http://www.debian.org/security/2009/dsa-1767 - Third Party Advisory | |
References | () http://www.vupen.com/english/advisories/2010/0528 - Permissions Required | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9214 - Broken Link | |
References | () https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00231.html - Mailing List | |
References | () https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00236.html - Mailing List |
Information
Published : 2009-03-30 16:30
Updated : 2024-02-16 20:28
NVD link : CVE-2009-0115
Mitre link : CVE-2009-0115
CVE.ORG link : CVE-2009-0115
JSON object : View
Products Affected
avaya
- intuity_audix_lx
- message_networking
- messaging_storage_server
juniper
- ctpview
novell
- open_enterprise_server
opensuse
- opensuse
christophe.varoqui
- multipath-tools
suse
- linux_enterprise_server
- linux_enterprise_desktop
debian
- debian_linux
fedoraproject
- fedora
CWE
CWE-732
Incorrect Permission Assignment for Critical Resource