Scientific Linux Security Update : device-mapper-multipath on SL4.x, SL5.x i386/x86_64

2012-08-01T00:00:00
ID SL_20090407_DEVICE_MAPPER_MULTIPATH_ON_SL4_X.NASL
Type nessus
Reporter Tenable
Modified 2012-10-03T00:00:00

Description

It was discovered that the multipathd daemon set incorrect permissions on the socket used to communicate with command line clients. An unprivileged, local user could use this flaw to send commands to multipathd, resulting in access disruptions to storage devices accessible via multiple paths and, possibly, file system corruption on these devices. (CVE-2009-0115)

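The multipathd service must be restarted for the changes to take effect. Until the restart, the daemon that is already running is still the old binary, so a package-version check alone does not show that the fix is in effect.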

Important: the version of the multipathd daemon in Scientific Linux 5 has a known issue that may cause a machine to become unresponsive when the multipathd service is stopped. Until this issue is resolved, we recommend restarting the multipathd service by issuing the following commands in sequence:

killall -KILL multipathd

service multipathd restart

                                        
                                            #
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#

include("compat.inc");

# Registration block. When the engine loads the plugin with `description`
# set, only the script_* metadata calls below are made and the script then
# exits; the actual package check lives after this block.
if (description)
{
  script_id(60562);
  script_version("$Revision: 1.2 $");
  script_cvs_date("$Date: 2012/10/03 00:00:32 $");

  # The single CVE this check is tied to.
  script_cve_id("CVE-2009-0115");

  script_name(english:"Scientific Linux Security Update : device-mapper-multipath on SL4.x, SL5.x i386/x86_64");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Scientific Linux host is missing one or more security
updates."
  );
  # Advisory text shown to the operator. It states that multipathd must be
  # restarted for the fix to take effect; the check further down compares
  # installed package versions only, so a host that was updated but not
  # restarted is reported as not affected. Verify the restart separately.
  script_set_attribute(
    attribute:"description", 
    value:
"It was discovered that the multipathd daemon set incorrect permissions
on the socket used to communicate with command line clients. An
unprivileged, local user could use this flaw to send commands to
multipathd, resulting in access disruptions to storage devices
accessible via multiple paths and, possibly, file system corruption on
these devices. (CVE-2009-0115)

The multipathd service must be restarted for the changes to take
effect.

Important: the version of the multipathd daemon in Scientific Linux 5
has a known issue which may cause a machine to become unresponsive
when the multipathd service is stopped. Until this issue is resolved,
we recommend restarting the multipathd service by issuing the
following commands in sequence :

# killall -KILL multipathd

# service multipathd restart"
  );
  # http://listserv.fnal.gov/scripts/wa.exe?A2=ind0904&L=scientific-linux-errata&T=0&P=922
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?b676e275"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected device-mapper-multipath and / or kpartx packages."
  );
  # CVSS v2 vector: local access, low complexity, no authentication, complete
  # confidentiality / integrity / availability impact.
  # NOTE(review): the advisory text above describes disruption of storage
  # access and possible file system corruption only; confirm the vector
  # against the CVE record if the score drives prioritisation.
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  # CWE-264: Permissions, Privileges, and Access Controls, which fits the
  # incorrect socket permissions described above.
  script_cwe_id(264);

  # "local": the result is derived from package data collected on the host,
  # not from probing a network service.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

  # The fix was published in 2009; this plugin was published in 2012.
  script_set_attribute(attribute:"patch_publication_date", value:"2009/04/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012 Tenable Network Security, Inc.");
  script_family(english:"Scientific Linux Local Security Checks");

  # The check reads these knowledge-base keys; presumably they are filled in
  # by ssh_get_info.nasl during a credentialed scan. Without them the
  # plugin has no package list to evaluate.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  # Registration only: stop here without running the check.
  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


# Pre-flight gates. Every value here is read from the knowledge base with
# get_kb_item(); each failed gate hands off to audit() with a reason code.
# The global names `release` and `cpu` are kept as in the original.

# Gate 1: local checks must have been enabled for this host.
if (!get_kb_item("Host/local_checks_enabled"))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
}

# Gate 2: the stored release string must exist and contain
# "Scientific Linux ".
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release)
{
  audit(AUDIT_HOST_NOT, "running Scientific Linux");
}

# Gate 3: a stored rpm list is required; it is the only evidence this
# plugin evaluates.
if (!get_kb_item("Host/RedHat/rpm-list"))
{
  audit(AUDIT_PACKAGE_LIST_MISSING);
}

# Gate 4: architecture must be known and be x86_64 or i386..i686.
# NOTE(review): in the test below `cpu` is the left operand of >!<, i.e. the
# needle, so it asks whether cpu is absent from the literal "x86_64". Any
# substring of that literal (for example "x86") therefore also passes. The
# release test above puts the literal on the left instead; confirm whether
# `"x86_64" >!< cpu` was intended here.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu))
{
  audit(AUDIT_UNKNOWN_ARCH);
}
if (cpu >!< "x86_64")
{
  if (cpu !~ "^i[3-6]86$")
  {
    audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
  }
}


# Count how many reference packages rpm_check() flags. rpm_check() comes
# from rpm.inc (not shown here); a true return is treated as "this host is
# missing the fixed build". Each call is made unconditionally, one after
# the other, so none is skipped when an earlier one already matched.
flag = 0;

# Scientific Linux 4: fixed build of device-mapper-multipath.
if (rpm_check(release:"SL4", reference:"device-mapper-multipath-0.4.5-31.el4_7.1"))
{
  flag = flag + 1;
}

# Scientific Linux 5: fixed builds of device-mapper-multipath and kpartx.
if (rpm_check(release:"SL5", reference:"device-mapper-multipath-0.4.7-23.el5_3.2"))
{
  flag = flag + 1;
}
if (rpm_check(release:"SL5", reference:"kpartx-0.4.7-23.el5_3.2"))
{
  flag = flag + 1;
}


# Final verdict, driven only by the package comparison above.
# A "not affected" result means no listed package was flagged. It does not
# show that multipathd was restarted after the update, which the advisory
# text says is required for the fix to take effect, so confirm the restart
# on the host separately.
if (!flag)
{
  audit(AUDIT_HOST_NOT, "affected");
}
else
{
  # Attach the rpm report text only when report_verbosity is above zero.
  if (report_verbosity > 0)
  {
    security_hole(port:0, extra:rpm_report_get());
  }
  else
  {
    security_hole(0);
  }
  exit(0);
}