MidnightBSD

Advisories for christophe.varoqui

CVE-2009-0115 HIGH

The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka /var/run/multipathd.sock), which allows local users to send arbitrary commands to the multipath daemon.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-732,

Products Affected

Vendor Product Version
juniper ctpview *
novell open_enterprise_server -
juniper ctpview 7.1
suse linux_enterprise_server 10
avaya intuity_audix_lx 2.0
avaya message_networking 3.1
fedoraproject fedora 10
suse linux_enterprise_server 9
debian debian_linux 5.0
avaya messaging_storage_server 3.0
debian debian_linux 4.0
avaya messaging_storage_server 4.0
opensuse opensuse *
suse linux_enterprise_desktop 9
fedoraproject fedora 9
avaya messaging_storage_server 5.0
christophe.varoqui multipath-tools 0.4.8