7.8

CVE-2009-0115

Exploit
The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka /var/run/multipathd.sock), which allows local users to send arbitrary commands to the multipath daemon.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FedoraprojectFedora Version9
FedoraprojectFedora Version10
DebianDebian Linux Version4.0
DebianDebian Linux Version5.0
AvayaIntuity Audix Lx Version2.0 Update-
AvayaIntuity Audix Lx Version2.0 Updatesp1
AvayaIntuity Audix Lx Version2.0 Updatesp2
AvayaMessage Networking Version3.1
OpensuseOpensuse Version >= 10.3 <= 11.0
SuseLinux Enterprise Server Version10 Update-
JuniperCtpview Version < 7.1
JuniperCtpview Version7.1 Update-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.49% 0.384
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE-732 Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
Third Party Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html
Mailing List
http://secunia.com/advisories/34418
Vendor Advisory
Broken Link
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html
Mailing List
http://secunia.com/advisories/34642
Vendor Advisory
Broken Link
http://lists.vmware.com/pipermail/security-announce/2010/000082.html
Broken Link
http://secunia.com/advisories/38794
Vendor Advisory
Broken Link
http://www.vupen.com/english/advisories/2010/0528
Permissions Required
http://download.opensuse.org/update/10.3-test/repodata/patch-kpartx-6082.xml
Exploit
Broken Link
http://launchpad.net/bugs/cve/2009-0115
Third Party Advisory
http://secunia.com/advisories/34694
Vendor Advisory
Broken Link
http://secunia.com/advisories/34710
Vendor Advisory
Broken Link
http://secunia.com/advisories/34759
Vendor Advisory
Broken Link
http://support.avaya.com/elmodocs2/security/ASA-2009-128.htm
Third Party Advisory
http://www.debian.org/security/2009/dsa-1767
Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9214
Broken Link
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00231.html
Mailing List
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00236.html
Mailing List