Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2009-0115

Опубликовано: 30 мар. 2009
Источник: nvd
CVSS3: 7.8
CVSS2: 7.2
EPSS Низкий

Описание

The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka /var/run/multipathd.sock), which allows local users to send arbitrary commands to the multipath daemon.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:christophe.varoqui:multipath-tools:0.4.8:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
Конфигурация 4

Одно из

cpe:2.3:a:avaya:intuity_audix_lx:2.0:-:*:*:*:*:*:*
cpe:2.3:a:avaya:intuity_audix_lx:2.0:sp1:*:*:*:*:*:*
cpe:2.3:a:avaya:intuity_audix_lx:2.0:sp2:*:*:*:*:*:*
cpe:2.3:a:avaya:message_networking:3.1:*:*:*:*:*:*:*
cpe:2.3:a:avaya:messaging_storage_server:3.0:*:*:*:*:*:*:*
cpe:2.3:a:avaya:messaging_storage_server:4.0:*:*:*:*:*:*:*
cpe:2.3:a:avaya:messaging_storage_server:5.0:*:*:*:*:*:*:*
Конфигурация 5

Одно из

cpe:2.3:o:novell:open_enterprise_server:-:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:*:*:*:*:*:*:*:*
Версия от 10.3 (включая) до 11.0 (включая)
cpe:2.3:o:suse:linux_enterprise_desktop:9:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:10:-:*:*:*:*:*:*
Конфигурация 6

Одно из

cpe:2.3:a:juniper:ctpview:*:*:*:*:*:*:*:*
Версия до 7.1 (исключая)
cpe:2.3:a:juniper:ctpview:7.1:-:*:*:*:*:*:*

EPSS

Процентиль: 26%
0.00084
Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-732

Связанные уязвимости

ubuntu логотип

CVE-2009-0115

CVSS3: 7.8
ubuntu
около 16 лет назад

The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka /var/run/multipathd.sock), which allows local users to send arbitrary commands to the multipath daemon.

redhat логотип

CVE-2009-0115

redhat
около 16 лет назад

The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka /var/run/multipathd.sock), which allows local users to send arbitrary commands to the multipath daemon.

debian логотип

CVE-2009-0115

CVSS3: 7.8
debian
около 16 лет назад

The Device Mapper multipathing driver (aka multipath-tools or device-m ...

github логотип

GHSA-m58q-qh36-cwx8

CVSS3: 7.8
github
около 3 лет назад

The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka /var/run/multipathd.sock), which allows local users to send arbitrary commands to the multipath daemon.

oracle-oval логотип

ELSA-2009-0411

oracle-oval
около 16 лет назад

ELSA-2009-0411: device-mapper-multipath security update (MODERATE)

EPSS

Процентиль: 26%
0.00084
Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-732