CVE-2009-0115

2009-03-30 16:30:00
CWE-732
mitre
web.nvd.nist.gov
41
cve-2009-0115
device mapper
multipathing driver
suse
opensuse
sles
fedora
socket file
arbitrary commands

CVSS2: 7.2

Attack Vector: LOCAL
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3: 7.8

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score: 7.4
Confidence: High

EPSS: 0
Percentile: 10.4%

The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka /var/run/multipathd.sock), which allows local users to send arbitrary commands to the multipath daemon.

Affected configurations

Nvd

Node
  christophe.varoqui  multipath-tools  Match  0.4.8
Node
  fedoraproject  fedora  Match  9
  OR
  fedoraproject  fedora  Match  10
Node
  debian  debian_linux  Match  4.0
  OR
  debian  debian_linux  Match  5.0
Node
  avaya  intuity_audix_lx  Match  2.0-
  OR
  avaya  intuity_audix_lx  Match  2.0sp1
  OR
  avaya  intuity_audix_lx  Match  2.0sp2
  OR
  avaya  message_networking  Match  3.1
  OR
  avaya  messaging_storage_server  Match  3.0
  OR
  avaya  messaging_storage_server  Match  4.0
  OR
  avaya  messaging_storage_server  Match  5.0
Node
  novell  open_enterprise_server  Match  -
  OR
  opensuse  opensuse  Range  10.3 - 11.0
  OR
  suse  linux_enterprise_desktop  Match  9
  OR
  suse  linux_enterprise_server  Match  9
  OR
  suse  linux_enterprise_server  Match  10-
Node
  juniper  ctpview  Range  <7.1
  OR
  juniper  ctpview  Match  7.1-

Vendor              Product                   Version  CPE
christophe.varoqui  multipath-tools           0.4.8    cpe:2.3:a:christophe.varoqui:multipath-tools:0.4.8:*:*:*:*:*:*:*
fedoraproject       fedora                    9        cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*
fedoraproject       fedora                    10       cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*
debian              debian_linux              4.0      cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
debian              debian_linux              5.0      cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
avaya               intuity_audix_lx          2.0      cpe:2.3:a:avaya:intuity_audix_lx:2.0:-:*:*:*:*:*:*
avaya               intuity_audix_lx          2.0      cpe:2.3:a:avaya:intuity_audix_lx:2.0:sp1:*:*:*:*:*:*
avaya               intuity_audix_lx          2.0      cpe:2.3:a:avaya:intuity_audix_lx:2.0:sp2:*:*:*:*:*:*
avaya               message_networking        3.1      cpe:2.3:a:avaya:message_networking:3.1:*:*:*:*:*:*:*
avaya               messaging_storage_server  3.0      cpe:2.3:a:avaya:messaging_storage_server:3.0:*:*:*:*:*:*:*