Candidate: CVE-2009-0115

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0115

The Device Mapper multipathing driver (aka multipath-tools or
device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux
Enterprise Server (SLES), Fedora, and possibly other operating systems,
uses world-writable permissions for the socket file (aka
/var/run/multipathd.sock), which allows local users to send arbitrary
commands to the multipath daemon.

jdstrand> all versions of multipath-tools adjust the umask of the multipath
socket. In 9.04 and later this is 1000--set-umask-in-multipathd.patch. In
other releases the patch is applied inline.
jdstrand> the upstream patches are different, and can be found here:
7395bcda3a218df2eab1617df54628af0dc3456e
0a0319d381249760c71023edbe0ac9c093bb4a74

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=522813

Patches_multipath-tools:
upstream_multipath-tools: released (0.4.8-15)
dapper_multipath-tools: not-affected (0.4.7-1ubuntu2)
gutsy_multipath-tools: not-affected
hardy_multipath-tools: not-affected (0.4.8-7ubuntu1)
intrepid_multipath-tools: not-affected (0.4.8-10ubuntu1)
jaunty_multipath-tools: not-affected (0.4.8-14ubuntu1)
devel_multipath-tools: not-affected (0.4.8-14ubuntu1)