Veracode Vulnerability DatabaseVERACODE:23617Arbitrary Command Execution
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
device-mapper-multipath is vulnerable to arbitrary command execution. It was discovered that the multipathd daemon set incorrect permissions on the socket used to communicate with command line clients. An unprivileged, local user could use this flaw to send commands to multipathd, resulting in access disruptions to storage devices accessible via multiple paths and, possibly, file system corruption on these devices.
References
download.opensuse.org/update/10.3-test/repodata/patch-kpartx-6082.xml
kb.juniper.net/InfoCenter/index?page=content&id=JSA10691
kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
launchpad.net/bugs/cve/2009-0115
lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html
lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html
lists.vmware.com/pipermail/security-announce/2010/000082.html
secunia.com/advisories/34418
secunia.com/advisories/34642
secunia.com/advisories/34694
secunia.com/advisories/34710
secunia.com/advisories/34759
secunia.com/advisories/38794
support.avaya.com/elmodocs2/security/ASA-2009-128.htm
www.debian.org/security/2009/dsa-1767
www.redhat.com/security/updates/classification/#moderate
www.vupen.com/english/advisories/2010/0528
access.redhat.com/errata/RHSA-2009:0411
bugzilla.redhat.com/show_bug.cgi?id=494582
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9214
www.redhat.com/archives/fedora-package-announce/2009-April/msg00231.html
www.redhat.com/archives/fedora-package-announce/2009-April/msg00236.html
Related
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C