Vulnerability Details : CVE-2022-41973
Potential exploit
multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which could lead to controlled file writes outside of the /dev/shm directory. This could be used indirectly for local privilege escalation to root.
Vulnerability category: Gain privilege
Products affected by CVE-2022-41973
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
- cpe:2.3:a:opensvc:multipath-tools:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-41973
0.15%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 32 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-41973
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2022-41973
-
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-41973
-
http://www.openwall.com/lists/oss-security/2022/10/24/2
oss-security - Authorization bypass and symlink attack in multipathd (CVE-2022-41974 and CVE-2022-41973)Exploit;Mailing List;Third Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QIGZM5NOOMFDCITOLQEJNNX5SCRQLQVV/
[SECURITY] Fedora 36 Update: device-mapper-multipath-0.8.7-9.fc36 - package-announce - Fedora Mailing-ListsMailing List;Third Party Advisory
-
https://bugzilla.suse.com/show_bug.cgi?id=1202739
Bug 1202739 – VUL-0: CVE-2022-41973,CVE-2022-41974: multipath-tools: multipathd: authorization bypass and symlink attack "Leeloo Multipath"Issue Tracking;Third Party Advisory
-
http://seclists.org/fulldisclosure/2022/Dec/4
Full Disclosure: Race condition in snap-confine's must_mkdir_and_open_with_perms() (CVE-2022-3328)Exploit;Third Party Advisory
-
http://packetstormsecurity.com/files/169611/Leeloo-Multipath-Authorization-Bypass-Symlink-Attack.html
Leeloo Multipath Authorization Bypass / Symlink Attack ≈ Packet StormExploit;Mailing List;Third Party Advisory;VDB Entry
-
https://lists.debian.org/debian-lts-announce/2022/12/msg00037.html
[SECURITY] [DLA 3250-1] multipath-tools security updateMailing List;Third Party Advisory
-
http://seclists.org/fulldisclosure/2022/Oct/25
Full Disclosure: Authorization bypass and symlink attack in multipathd (CVE-2022-41974 and CVE-2022-41973)Exploit;Mailing List;Third Party Advisory
-
https://www.debian.org/security/2023/dsa-5366
Debian -- Security Information -- DSA-5366-1 multipath-tools
-
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QIGZM5NOOMFDCITOLQEJNNX5SCRQLQVV/
[SECURITY] Fedora 36 Update: device-mapper-multipath-0.8.7-9.fc36 - package-announce - Fedora Mailing-Lists
-
https://github.com/opensvc/multipath-tools/releases/tag/0.9.2
Release 0.9.2: Merge pull request #46 from openSUSE/queue · opensvc/multipath-tools · GitHubRelease Notes;Third Party Advisory
-
https://security.gentoo.org/glsa/202311-06
multipath-tools: Multiple Vulnerabilities (GLSA 202311-06) — Gentoo security
-
https://www.qualys.com/2022/10/24/leeloo-multipath/leeloo-multipath.txt
Exploit;Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2022/11/30/2
oss-security - Race condition in snap-confine's must_mkdir_and_open_with_perms() (CVE-2022-3328)Exploit;Third Party Advisory
-
http://packetstormsecurity.com/files/170176/snap-confine-must_mkdir_and_open_with_perms-Race-Condition.html
snap-confine must_mkdir_and_open_with_perms() Race Condition ≈ Packet StormExploit;Third Party Advisory
Jump to