CVE-2009-0115

The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka /var/run/multipathd.sock), which allows local users to send arbitrary commands to the multipath daemon.
References
Link Resource
http://download.opensuse.org/update/10.3-test/repodata/patch-kpartx-6082.xml Broken Link Exploit
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691 Third Party Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 Third Party Advisory
http://launchpad.net/bugs/cve/2009-0115 Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html Mailing List
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html Mailing List
http://lists.vmware.com/pipermail/security-announce/2010/000082.html Broken Link
http://secunia.com/advisories/34418 Broken Link Vendor Advisory
http://secunia.com/advisories/34642 Broken Link Vendor Advisory
http://secunia.com/advisories/34694 Broken Link Vendor Advisory
http://secunia.com/advisories/34710 Broken Link Vendor Advisory
http://secunia.com/advisories/34759 Broken Link Vendor Advisory
http://secunia.com/advisories/38794 Broken Link Vendor Advisory
http://support.avaya.com/elmodocs2/security/ASA-2009-128.htm Third Party Advisory
http://www.debian.org/security/2009/dsa-1767 Third Party Advisory
http://www.vupen.com/english/advisories/2010/0528 Permissions Required
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9214 Broken Link
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00231.html Mailing List
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00236.html Mailing List
http://download.opensuse.org/update/10.3-test/repodata/patch-kpartx-6082.xml Broken Link Exploit
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691 Third Party Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 Third Party Advisory
http://launchpad.net/bugs/cve/2009-0115 Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html Mailing List
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html Mailing List
http://lists.vmware.com/pipermail/security-announce/2010/000082.html Broken Link
http://secunia.com/advisories/34418 Broken Link Vendor Advisory
http://secunia.com/advisories/34642 Broken Link Vendor Advisory
http://secunia.com/advisories/34694 Broken Link Vendor Advisory
http://secunia.com/advisories/34710 Broken Link Vendor Advisory
http://secunia.com/advisories/34759 Broken Link Vendor Advisory
http://secunia.com/advisories/38794 Broken Link Vendor Advisory
http://support.avaya.com/elmodocs2/security/ASA-2009-128.htm Third Party Advisory
http://www.debian.org/security/2009/dsa-1767 Third Party Advisory
http://www.vupen.com/english/advisories/2010/0528 Permissions Required
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9214 Broken Link
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00231.html Mailing List
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00236.html Mailing List
Configurations

Configuration 1 (hide)

cpe:2.3:a:christophe.varoqui:multipath-tools:0.4.8:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:a:avaya:intuity_audix_lx:2.0:-:*:*:*:*:*:*
cpe:2.3:a:avaya:intuity_audix_lx:2.0:sp1:*:*:*:*:*:*
cpe:2.3:a:avaya:intuity_audix_lx:2.0:sp2:*:*:*:*:*:*
cpe:2.3:a:avaya:message_networking:3.1:*:*:*:*:*:*:*
cpe:2.3:a:avaya:messaging_storage_server:3.0:*:*:*:*:*:*:*
cpe:2.3:a:avaya:messaging_storage_server:4.0:*:*:*:*:*:*:*
cpe:2.3:a:avaya:messaging_storage_server:5.0:*:*:*:*:*:*:*

Configuration 5 (hide)

OR cpe:2.3:o:novell:open_enterprise_server:-:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:*:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:9:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:10:-:*:*:*:*:*:*

Configuration 6 (hide)

OR cpe:2.3:a:juniper:ctpview:*:*:*:*:*:*:*:*
cpe:2.3:a:juniper:ctpview:7.1:-:*:*:*:*:*:*

History

No history.

Information

Published : 2009-03-30 16:30

Updated : 2025-04-09 00:30


NVD link : CVE-2009-0115

Mitre link : CVE-2009-0115

CVE.ORG link : CVE-2009-0115


JSON object : View

Products Affected

avaya

  • message_networking
  • intuity_audix_lx
  • messaging_storage_server

opensuse

  • opensuse

christophe.varoqui

  • multipath-tools

suse

  • linux_enterprise_desktop
  • linux_enterprise_server

juniper

  • ctpview

fedoraproject

  • fedora

novell

  • open_enterprise_server

debian

  • debian_linux
CWE
CWE-732

Incorrect Permission Assignment for Critical Resource