← Back

CVE-2009-0115

nvd nist
Published: Mar 30, 2009Modified: Apr 23, 2026

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka /var/run/multipathd.sock), which allows local users to send arbitrary commands to the multipath daemon.

Affected (19)

Show all products
Christophe.varoqui: Multipath Tools · Fedoraproject: Fedora · Debian: Debian Linux · Avaya: Intuity Audix Lx, Message Networking, Messaging Storage Server · Novell: Open Enterprise Server · Opensuse: Opensuse · Suse: Linux Enterprise Desktop, Linux Enterprise Server · Juniper: Ctpview
Christophe.varoqui
1 product
Multipath Tools
Fedoraproject
1 product
Fedora
Debian
1 product
Debian Linux
Avaya
3 products
Intuity Audix Lx
Message Networking
Messaging Storage Server
Novell
1 product
Open Enterprise Server
Opensuse
1 product
Opensuse
Suse
2 products
Linux Enterprise Desktop
Linux Enterprise Server
Juniper
1 product
Ctpview
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Multipath Tools
Version 0.4.8
Configuration B
2 vulnerable
Vulnerable SoftwareAffected Versions
Fedoraproject
Fedora
Version 10
Fedora
Version 9
Configuration C
2 vulnerable
Vulnerable SoftwareAffected Versions
Debian
Debian Linux
Version 4.0
Debian Linux
Version 5.0
Configuration D
7 vulnerable
Vulnerable SoftwareAffected Versions
Avaya
Intuity Audix Lx
Version 2.0
Intuity Audix Lx
Version 2.0 sp1
Intuity Audix Lx
Version 2.0 sp2
Message Networking
Version 3.1
Avaya
Messaging Storage Server
Version 3.0
Messaging Storage Server
Version 4.0
Messaging Storage Server
Version 5.0
Configuration E
5 vulnerable
Vulnerable SoftwareAffected Versions
Open Enterprise Server
All versions
Opensuse
From 10.3 to 11.0
Linux Enterprise Desktop
Version 9
Suse
Linux Enterprise Server
Version 10
Linux Enterprise Server
Version 9
Configuration F
2 vulnerable
Vulnerable SoftwareAffected Versions
Juniper
Ctpview
Before 7.1
Ctpview
Version 7.1

Related CWEs

CWE-732
Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (38)

Source: cve@mitre.org
Broken LinkExploit
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Mailing List
Source: cve@mitre.org
Mailing List
Source: cve@mitre.org
Broken Link
Source: cve@mitre.org
Broken LinkVendor Advisory
Source: cve@mitre.org
Broken LinkVendor Advisory
Source: cve@mitre.org
Broken LinkVendor Advisory
Source: cve@mitre.org
Broken LinkVendor Advisory
Source: cve@mitre.org
Broken LinkVendor Advisory
Source: cve@mitre.org
Broken LinkVendor Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Permissions Required
Source: cve@mitre.org
Broken Link
Source: cve@mitre.org
Mailing List
Source: cve@mitre.org
Mailing List
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkExploit
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions Required
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List

Timeline

No history available yet.