Candidate: CVE-2009-0115
PublicDate: 2009-03-30 16:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0115
Description:
 The Device Mapper multipathing driver (aka multipath-tools or
 device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux
 Enterprise Server (SLES), Fedora, and possibly other operating systems,
 uses world-writable permissions for the socket file (aka
 /var/run/multipathd.sock), which allows local users to send arbitrary
 commands to the multipath daemon.
Ubuntu-Description:
Notes:
 jdstrand> all versions of multipath-tools adjust the umask of the multipath
  socket. In 9.04 and later this is 1000--set-umask-in-multipathd.patch. In
  other releases the patch is applied inline.
 jdstrand> the upstream patches are different, and can be found here:
  7395bcda3a218df2eab1617df54628af0dc3456e
  0a0319d381249760c71023edbe0ac9c093bb4a74
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=522813
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_multipath-tools:
upstream_multipath-tools: released (0.4.8-15)
dapper_multipath-tools: not-affected (0.4.7-1ubuntu2)
gutsy_multipath-tools: not-affected
hardy_multipath-tools: not-affected (0.4.8-7ubuntu1)
intrepid_multipath-tools: not-affected (0.4.8-10ubuntu1)
jaunty_multipath-tools: not-affected (0.4.8-14ubuntu1)
devel_multipath-tools: not-affected (0.4.8-14ubuntu1)