Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.8
CVSSv3

CVE-2022-41973

Published: 29/10/2022 Updated: 02/03/2023
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
Subscribe to Opensvc

Vulnerability Summary

multipath-tools 0.7.7 up to and including 0.9.x prior to 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which could lead to controlled file writes outside of the /dev/shm directory. This could be used indirectly for local privilege escalation to root.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

opensvc multipath-tools

fedoraproject fedora 36

debian debian linux 10.0

Vendor Advisories

Ubuntu Security Notice: USN-5731-1: multipath-tools vulnerabilities
Several security issues were fixed in multipath-tools ...
Debian CVElist Bug Report Logs: multipath-tools: CVE-2022-41973 CVE-2022-41974
Debian Bug report logs - #1022742 multipath-tools: CVE-2022-41973 CVE-2022-41974 Package: src:multipath-tools; Maintainer for src:multipath-tools is Debian DM Multipath Team <team+linux-blocks@trackerdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 24 Oct 2022 20:21:02 UTC Severity: grav ...
Debian Security Advisories: DSA-5366-1 multipath-tools -- security update
The Qualys Research Labs reported an authorization bypass (CVE-2022-41974) and a symlink attack (CVE-2022-41973) in multipath-tools, a set of tools to drive the Device Mapper multipathing driver, which may result in local privilege escalation Please refer to /usr/share/doc/multipath-tools/NEWSDebiangz for backwards-incompatible changes in this u ...
Red Hat:
Description<!----> This CVE is under investigation by Red Hat Product Security ...

Mailing Lists

Packetstorm: Leeloo Multipath Authorization Bypass / Symlink Attack
The Qualys Research Team has discovered authorization bypass and symlink vulnerabilities in multipathd The authorization bypass was introduced in version 070 and the symlink vulnerability was introduced in version 077 ...
Packetstorm: snap-confine must_mkdir_and_open_with_perms() Race Condition
Qualys discovered a race condition (CVE-2022-3328) in snap-confine, a SUID-root program installed by default on Ubuntu In this advisory,they tell the story of this vulnerability (which was introduced in February 2022 by the patch for CVE-2021-44731) and detail how they exploited it in Ubuntu Server (a local privilege escalation, from any user to r ...

Github Repositories

CVE-2022-41974 multipath-tools 070 through 09x before 092 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973 Local users able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup This can lead to local privilege escalation to root This occurs because an attacker can repeat a keywor

CVE-2022-41973 multipath-tools 077 through 09x before 092 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974 Local users able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which could lead to controlled file writes outside of the /dev/shm directory This could be used indirectly for local pr

CVE-2022-3328 CVE-2022-3328 with CVE-2022-41974 and CVE-2022-41973 from: wwwqualyscom/2022/11/30/cve-2022-3328/advisory-snaptxt blogqualyscom/vulnerabilities-threat-research/2022/11/30/race-condition-in-snap-confines-must_mkdir_and_open_with_perms-cve-2022-3328

References

CWE-59https://github.com/opensvc/multipath-tools/releases/tag/0.9.2http://www.openwall.com/lists/oss-security/2022/10/24/2https://bugzilla.suse.com/show_bug.cgi?id=1202739http://seclists.org/fulldisclosure/2022/Oct/25http://packetstormsecurity.com/files/169611/Leeloo-Multipath-Authorization-Bypass-Symlink-Attack.htmlhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QIGZM5NOOMFDCITOLQEJNNX5SCRQLQVV/https://www.qualys.com/2022/10/24/leeloo-multipath/leeloo-multipath.txthttp://www.openwall.com/lists/oss-security/2022/11/30/2http://seclists.org/fulldisclosure/2022/Dec/4http://packetstormsecurity.com/files/170176/snap-confine-must_mkdir_and_open_with_perms-Race-Condition.htmlhttps://lists.debian.org/debian-lts-announce/2022/12/msg00037.htmlhttps://www.debian.org/security/2023/dsa-5366https://ubuntu.com/security/notices/USN-5731-1https://nvd.nist.govhttps://www.debian.org/security/2023/dsa-5366
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversalCVE-2023-21068CVE-2023-21077unspecifiedCVE-2023-21070CVE-2023-21016file upload
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook