CVE-2009-0115

Published: 30/03/2009 Updated: 16/02/2024
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 641
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka /var/run/multipathd.sock), which allows local users to send arbitrary commands to the multipath daemon.

Vulnerable Product

christophe.varoqui multipath-tools 0.4.8

fedoraproject fedora 10

fedoraproject fedora 9

debian debian linux 5.0

debian debian linux 4.0

avaya message networking 3.1

avaya messaging storage server 4.0

avaya intuity audix lx 2.0

avaya messaging storage server 3.0

avaya messaging storage server 5.0

suse linux enterprise server 9

opensuse opensuse

suse linux enterprise desktop 9

suse linux enterprise server 10

novell open enterprise server -

juniper ctpview

juniper ctpview 7.1

Vendor Advisories

Synopsis: Moderate: device-mapper-multipath security update. Type/Severity: Security Advisory: Moderate. Topic: Updated device-mapper-multipath packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Secu ...
Debian Bug report logs - #522813 multipath-tools: CVE-2009-0115 insecure permissions of control socket. Package: multipath-tools; Maintainer for multipath-tools is Debian DM Multipath Team <team+linux-blocks@tracker.debian.org>; Source for multipath-tools is src:multipath-tools (PTS, buildd, popcon). Reported by: Nico Golde ...
It was discovered that multipathd of multipath-tools, a tool-chain to manage disk multipath device maps, uses insecure permissions on its unix domain control socket which enables local attackers to issue commands to multipathd, prevent access to storage devices or corrupt file system data. For the oldstable distribution (etch), this problem has been ...