Computer Security
[EN] securityvulns.ru no-pyccku


multipath-tools weak permissions
Published:10.04.2009
Source:
SecurityVulns ID:9812
Type:remote
Threat Level:
5/10
Description:Weak permissions for control socket.
Affected:MULTIPATHTOOLS : multipath-tools 0.4
CVE:CVE-2009-0115 (The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka /var/run/multipathd.sock), which allows local users to send arbitrary commands to the multipath daemon.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 1767-1] New multipath-tools packages fix denial of service (10.04.2009)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod