The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka /var/run/multipathd.sock), which allows local users to send arbitrary commands to the multipath daemon.

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

Name | Vendor | Start Version | End Version |
---|---|---|---|
Multipath-tools | Christophe.varoqui | 0.4.8 (including) | 0.4.8 (including) |
Red Hat Enterprise Linux 4 | RedHat | device-mapper-multipath-0:0.4.5-31.el4_7.1 | * |
Red Hat Enterprise Linux 5 | RedHat | device-mapper-multipath-0:0.4.7-23.el5_3.2 | * |
Multipath-tools | Ubuntu | upstream | * |