CVE-2009-0115

NameCVE-2009-0115
DescriptionThe Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka /var/run/multipathd.sock), which allows local users to send arbitrary commands to the multipath daemon.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-1767-1
NVD severityhigh (attack range: local)
Debian Bugs522813

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
multipath-tools (PTS)jessie0.5.0-6+deb8u2fixed
stretch0.6.4-5fixed
buster, sid0.7.7-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
multipath-toolssource(unstable)0.4.8-15low522813
multipath-toolssourceetch0.4.7-1.1etch2highDSA-1767-1
multipath-toolssourcelenny0.4.8-14+lenny1highDSA-1767-1
Search for package or bug name: Reporting problems