The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka /var/run/multipathd.sock), which allows local users to send arbitrary commands to the multipath daemon.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
christophe.varoqui multipath-tools 0.4.8 |
||
fedoraproject fedora 10 |
||
fedoraproject fedora 9 |
||
debian debian linux 5.0 |
||
debian debian linux 4.0 |
||
avaya message networking 3.1 |
||
avaya messaging storage server 4.0 |
||
avaya intuity audix lx 2.0 |
||
avaya messaging storage server 3.0 |
||
avaya messaging storage server 5.0 |
||
suse linux enterprise server 9 |
||
opensuse opensuse |
||
suse linux enterprise desktop 9 |
||
suse linux enterprise server 10 |
||
novell open enterprise server - |
||
juniper ctpview |
||
juniper ctpview 7.1 |