CVE-2009-0115

NameCVE-2009-0115
DescriptionThe Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka /var/run/multipathd.sock), which allows local users to send arbitrary commands to the multipath daemon.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-1767-1
NVD severityhigh (attack range: local)
Debian Bugs522813

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
multipath-tools (PTS)wheezy0.4.9+git0.4dfdaf2b-7~deb7u2fixed
jessie0.5.0-6+deb8u2fixed
buster, stretch, sid0.6.4-5fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
multipath-toolssource(unstable)0.4.8-15low522813
multipath-toolssourceetch0.4.7-1.1etch2highDSA-1767-1
multipath-toolssourcelenny0.4.8-14+lenny1highDSA-1767-1

Search for package or bug name: Reporting problems