device-mapper-multipath is vulnerable to arbitrary command execution. It was discovered that the multipathd daemon set incorrect permissions on the socket used to communicate with command line clients. An unprivileged, local user could use this flaw to send commands to multipathd, resulting in access disruptions to storage devices accessible via multiple paths and, possibly, file system corruption on these devices.
download.opensuse.org/update/10.3-test/repodata/patch-kpartx-6082.xml
kb.juniper.net/InfoCenter/index?page=content&id=JSA10691
kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
launchpad.net/bugs/cve/2009-0115
lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html
lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html
lists.vmware.com/pipermail/security-announce/2010/000082.html
secunia.com/advisories/34418
secunia.com/advisories/34642
secunia.com/advisories/34694
secunia.com/advisories/34710
secunia.com/advisories/34759
secunia.com/advisories/38794
support.avaya.com/elmodocs2/security/ASA-2009-128.htm
www.debian.org/security/2009/dsa-1767
www.redhat.com/security/updates/classification/#moderate
www.vupen.com/english/advisories/2010/0528
access.redhat.com/errata/RHSA-2009:0411
bugzilla.redhat.com/show_bug.cgi?id=494582
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9214
www.redhat.com/archives/fedora-package-announce/2009-April/msg00231.html
www.redhat.com/archives/fedora-package-announce/2009-April/msg00236.html