Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2022-41974

Опубликовано: 29 окт. 2022
Источник: debian
EPSS Низкий

Описание

multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Local users able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This can lead to local privilege escalation to root. This occurs because an attacker can repeat a keyword, which is mishandled because arithmetic ADD is used instead of bitwise OR.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
multipath-toolsfixed0.9.4-1package

Примечания

  • https://www.openwall.com/lists/oss-security/2022/10/24/2

  • https://www.qualys.com/2022/10/24/leeloo-multipath/leeloo-multipath.txt

  • Introduced by: https://github.com/opensvc/multipath-tools/commit/9acda0c47b143f2ef6123957d2ccd24ea995dc04 (0.7.0)

  • Fix included in https://github.com/opensvc/multipath-tools/pull/46

  • Fixed by (merge): https://github.com/opensvc/multipath-tools/commit/c4912a639b7ff527aa11d665944594926ff94a7a (0.9.2)

  • https://github.com/opensvc/multipath-tools/commit/f812466f68b8e020818c6454d7b7a7e278bc99f6 (0.9.2)

  • https://github.com/opensvc/multipath-tools/commit/d139bcf0842bc0a16beab86e1349ed65b150bf0c (0.9.2, CVE fix)

  • https://github.com/opensvc/multipath-tools/commit/2a1ff3154c1d5de423c303ca3bc9ed9727b4e523 (0.9.2)

  • https://github.com/opensvc/multipath-tools/commit/cb57b930fa690ab79b3904846634681685e3470f (0.9.2)

  • https://github.com/opensvc/multipath-tools/commit/994811a29332161ec150f1d9822ff460cfc0f316 (0.9.2)

EPSS

Процентиль: 4%
0.00021
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2022-41974

CVSS3: 7.8
ubuntu
больше 2 лет назад

multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Local users able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This can lead to local privilege escalation to root. This occurs because an attacker can repeat a keyword, which is mishandled because arithmetic ADD is used instead of bitwise OR.

redhat логотип

CVE-2022-41974

CVSS3: 7.8
redhat
больше 2 лет назад

multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Local users able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This can lead to local privilege escalation to root. This occurs because an attacker can repeat a keyword, which is mishandled because arithmetic ADD is used instead of bitwise OR.

nvd логотип

CVE-2022-41974

CVSS3: 7.8
nvd
больше 2 лет назад

multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Local users able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This can lead to local privilege escalation to root. This occurs because an attacker can repeat a keyword, which is mishandled because arithmetic ADD is used instead of bitwise OR.

msrc логотип

CVE-2022-41974

CVSS3: 7.8
msrc
больше 2 лет назад

Описание отсутствует

suse-cvrf логотип

SUSE-SU-2022:3715-1

suse-cvrf
больше 2 лет назад

Security update for multipath-tools

EPSS

Процентиль: 4%
0.00021
Низкий