Red Hat Customer Portal

Skip to main content

CVE-2009-0115

The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka /var/run/multipathd.sock), which allows local users to send arbitrary commands to the multipath daemon.

Details Source

Mitre

Public Date

2009-03-24 00:00:00

Impact

Moderate

Bugzilla

CVE-2009-0115 device-mapper-multipath: insecure permissions on multipathd.sock

Bugzilla ID

493 330

CVSS Status

verified

Base Score

6.20

Base Metrics

AV:L/AC:H/Au:N/C:C/I:C/A:C

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 4 (device-mapper-multipath) RHSA-2009:0411 2009-04-07
Red Hat Enterprise Linux 5 (device-mapper-multipath) RHSA-2009:0411 2009-04-07