CVE-2009-0115

NameCVE-2009-0115
DescriptionThe Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka /var/run/multipathd.sock), which allows local users to send arbitrary commands to the multipath daemon.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-1767-1
NVD severityhigh
Debian Bugs522813

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
multipath-tools (PTS)stretch0.6.4-5+deb9u1fixed
buster0.7.9-3+deb10u1fixed
bullseye, sid0.8.5-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
multipath-toolssourceetch0.4.7-1.1etch2DSA-1767-1
multipath-toolssourcelenny0.4.8-14+lenny1DSA-1767-1
multipath-toolssource(unstable)0.4.8-15low522813
Search for package or bug name: Reporting problems