Vulnerability Details : CVE-2009-0115
Potential exploit
The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka /var/run/multipathd.sock), which allows local users to send arbitrary commands to the multipath daemon.
Products affected by CVE-2009-0115
- cpe:2.3:o:novell:open_enterprise_server:-:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:10:-:*:*:*:*:*:*
- cpe:2.3:a:avaya:intuity_audix_lx:2.0:sp2:*:*:*:*:*:*
- cpe:2.3:a:avaya:intuity_audix_lx:2.0:sp1:*:*:*:*:*:*
- cpe:2.3:a:avaya:intuity_audix_lx:2.0:-:*:*:*:*:*:*
- cpe:2.3:a:avaya:message_networking:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:avaya:messaging_storage_server:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:avaya:messaging_storage_server:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:avaya:messaging_storage_server:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:juniper:ctpview:*:*:*:*:*:*:*:*
- cpe:2.3:a:juniper:ctpview:7.1:-:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:*:*:*:*:*:*:*:*
- cpe:2.3:a:christophe.varoqui:multipath-tools:0.4.8:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2009-0115
- 0.08%: Probability of exploitation activity in the next 30 days
- ~ 25 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2009-0115
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C | 3.9 | 10.0 | NIST | |
7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST | 2024-02-16 |
CWE ids for CVE-2009-0115
- Assigned by: nvd@nist.gov (Primary)
- The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. Assigned by: nvd@nist.gov (Primary)
References for CVE-2009-0115
- http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html
  [security-announce] SUSE Security Summary Report: SUSE-SR:2009:007 - openSUSE Security Announce - openSUSE Mailing Lists (Mailing List)
- http://www.vupen.com/english/advisories/2010/0528
  Webmail: access your OVH emails on ovhcloud.com | OVHcloud (Permissions Required)
- http://support.avaya.com/elmodocs2/security/ASA-2009-128.htm
  ASA-2009-128 (RHSA-2009-0411) (Third Party Advisory)
- http://download.opensuse.org/update/10.3-test/repodata/patch-kpartx-6082.xml
  Resource is no longer available! (Broken Link; Exploit)
- http://lists.vmware.com/pipermail/security-announce/2010/000082.html
  502 Bad Gateway (Broken Link)
- http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html
  [security-announce] SUSE Security Summary Report: SUSE-SR:2009:008 - openSUSE Security Announce - openSUSE Mailing Lists (Mailing List)
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
  Juniper Networks - 2015-10 Security Bulletin: CTPView: Multiple Vulnerabilities in CTPView (Third Party Advisory)
- https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00231.html
  [SECURITY] Fedora 10 Update: device-mapper-multipath-0.4.8-9.fc10 (Mailing List)
- http://secunia.com/advisories/38794
  About Secunia Research | Flexera (Broken Link; Vendor Advisory)
- http://secunia.com/advisories/34759
  About Secunia Research | Flexera (Broken Link; Vendor Advisory)
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691
  Juniper Networks - 2015-07 Security Bulletin: CTPView: Multiple vulnerabilities in CTPView (Third Party Advisory)
- http://secunia.com/advisories/34710
  About Secunia Research | Flexera (Broken Link; Vendor Advisory)
- http://launchpad.net/bugs/cve/2009-0115
  CVE-2009-0115 (Third Party Advisory)
- http://secunia.com/advisories/34642
  About Secunia Research | Flexera (Broken Link; Vendor Advisory)
- https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00236.html
  [SECURITY] Fedora 9 Update: device-mapper-multipath-0.4.7-17.fc9 (Mailing List)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9214
  404 Not Found (Broken Link)
- http://secunia.com/advisories/34694
  About Secunia Research | Flexera (Broken Link; Vendor Advisory)
- http://secunia.com/advisories/34418
  About Secunia Research | Flexera (Broken Link; Vendor Advisory)
- http://www.debian.org/security/2009/dsa-1767
  [SECURITY] [DSA 1767-1] New multipath-tools packages fix denial of service (Third Party Advisory)