CVE-2009-0115
Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 30/03/2009
Last modified: 09/04/2025
Description
The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka /var/run/multipathd.sock), which allows local users to send arbitrary commands to the multipath daemon.
Impact
Base Score 3.x: 7.80
Severity 3.x: HIGH
Base Score 2.0: 7.20
Severity 2.0: HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:christophe.varoqui:multipath-tools:0.4.8:*:*:*:*:*:*:* | ||
| cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:* | ||
| cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:* | ||
| cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:avaya:intuity_audix_lx:2.0:-:*:*:*:*:*:* | ||
| cpe:2.3:a:avaya:intuity_audix_lx:2.0:sp1:*:*:*:*:*:* | ||
| cpe:2.3:a:avaya:intuity_audix_lx:2.0:sp2:*:*:*:*:*:* | ||
| cpe:2.3:a:avaya:message_networking:3.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:avaya:messaging_storage_server:3.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:avaya:messaging_storage_server:4.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:avaya:messaging_storage_server:5.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:novell:open_enterprise_server:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:opensuse:opensuse:*:*:*:*:*:*:*:* | 10.3 (including) | 11.0 (including) |
| cpe:2.3:o:suse:linux_enterprise_desktop:9:*:*:*:*:*:*:* | ||
References to Advisories, Solutions, and Tools
- http://download.opensuse.org/update/10.3-test/repodata/patch-kpartx-6082.xml
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
- http://launchpad.net/bugs/cve/2009-0115
- http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html
- http://lists.vmware.com/pipermail/security-announce/2010/000082.html
- http://secunia.com/advisories/34418
- http://secunia.com/advisories/34642
- http://secunia.com/advisories/34694
- http://secunia.com/advisories/34710
- http://secunia.com/advisories/34759
- http://secunia.com/advisories/38794
- http://support.avaya.com/elmodocs2/security/ASA-2009-128.htm
- http://www.debian.org/security/2009/dsa-1767
- http://www.vupen.com/english/advisories/2010/0528
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9214
- https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00231.html
- https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00236.html



