CVE-2009-0115

Name of the Vulnerable Software and Affected Versions device-mapper-multipath versions 0.4.5 through 0.4.8 multipath-tools versions prior to 0.4.8-r1 kpartx version 0.4.7

Description The issue concerns the Device Mapper multipathing driver, which uses world-writable permissions for the socket file /var/run/multipathd.sock. This allows local users to send arbitrary commands to the multipath daemon, potentially leading to a breach of confidentiality, integrity, and availability of protected information. The exploitation of this issue can be carried out locally.

Recommendations For device-mapper-multipath versions 0.4.5 through 0.4.8, consider changing the permissions of the socket file /var/run/multipathd.sock to prevent world-writable access until a patch is available. For multipath-tools versions prior to 0.4.8-r1, update to version 0.4.8-r1 or later to resolve the issue. For kpartx version 0.4.7, update to a version that includes the fix for this issue, as the specific fixed version is not provided in the available data. At the moment, there is no information about a newer version that contains a fix for this vulnerability for some of the affected software.