NVD脆弱性詳細

CVE-2009-0115

概要	The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka /var/run/multipathd.sock), which allows local users to send arbitrary commands to the multipath daemon.
概要	multipath-tools en SUSE openSUSE v10.3 hasta v11.0 y SUSE Linux Enterprise Server (SLES) v10 utiliza permisos de escritura a todos para el fichero del socket (también conocido como /var/run/multipathd.sock), permitiendo a usuarios locales enviar comandos de su elección al demonio "multipath".
公表日	2009年3月31日1:30
登録日	2021年1月29日13:13
最終更新日	2026年4月23日9:35

CVSS3.1 : HIGH
スコア	7.8
ベクター	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
攻撃元区分(AV)	ローカル
攻撃条件の複雑さ(AC)	低
攻撃に必要な特権レベル(PR)	低
利用者の関与(UI)	不要
影響の想定範囲(S)	変更なし
機密性への影響(C)	高
完全性への影響(I)	高
可用性への影響(A)	高

CVSS2.0 : HIGH
スコア	7.2
ベクター	AV:L/AC:L/Au:N/C:C/I:C/A:C
攻撃元区分(AV)	ローカル
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	高
完全性への影響(I)	高
可用性への影響(A)	高
全ての特権を取得	いいえ
ユーザー権限を取得	いいえ
その他の権限を取得	いいえ
ユーザー操作が必要	いいえ

影響を受けるソフトウェアの構成

構成1	以上	以下	より上	未満
cpe:2.3:a:christophe.varoqui:multipath-tools:0.4.8:::::::*
cpe:2.3:o:fedoraproject:fedora:9:::::::*
cpe:2.3:o:fedoraproject:fedora:10:::::::*
cpe:2.3:o:debian:debian_linux:4.0:::::::*
cpe:2.3:o:debian:debian_linux:5.0:::::::*
cpe:2.3:a:avaya:intuity_audix_lx:2.0:-::::::
cpe:2.3:a:avaya:intuity_audix_lx:2.0:sp1::::::
cpe:2.3:a:avaya:intuity_audix_lx:2.0:sp2::::::
cpe:2.3:a:avaya:message_networking:3.1:::::::*
cpe:2.3:a:avaya:messaging_storage_server:3.0:::::::*
cpe:2.3:a:avaya:messaging_storage_server:4.0:::::::*
cpe:2.3:a:avaya:messaging_storage_server:5.0:::::::*
cpe:2.3:o:novell:open_enterprise_server:-:::::::*
cpe:2.3:o:opensuse:opensuse::::::::	10.3	11.0
cpe:2.3:o:suse:linux_enterprise_desktop:9:::::::*
cpe:2.3:o:suse:linux_enterprise_server:9:::::::*
cpe:2.3:o:suse:linux_enterprise_server:10:-::::::
cpe:2.3:a:juniper:ctpview::::::::				7.1
cpe:2.3:a:juniper:ctpview:7.1:-::::::

関連情報、対策とツール

No	URL	refsource
1	http://download.opensuse.org/update/10.3-test/repodata/patch-kpartx-6082.xml	cve@mitre.org
2	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691	cve@mitre.org
3	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705	cve@mitre.org
4	http://launchpad.net/bugs/cve/2009-0115	cve@mitre.org
5	http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html	cve@mitre.org
6	http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html	cve@mitre.org
7	http://lists.vmware.com/pipermail/security-announce/2010/000082.html	cve@mitre.org
8	http://secunia.com/advisories/34418	cve@mitre.org
9	http://secunia.com/advisories/34642	cve@mitre.org
10	http://secunia.com/advisories/34694	cve@mitre.org
11	http://secunia.com/advisories/34710	cve@mitre.org
12	http://secunia.com/advisories/34759	cve@mitre.org
13	http://secunia.com/advisories/38794	cve@mitre.org
14	http://support.avaya.com/elmodocs2/security/ASA-2009-128.htm	cve@mitre.org
15	http://www.debian.org/security/2009/dsa-1767	cve@mitre.org
16	http://www.vupen.com/english/advisories/2010/0528	cve@mitre.org
17	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9214	cve@mitre.org
18	https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00231.html	cve@mitre.org
19	https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00236.html	cve@mitre.org
20	http://download.opensuse.org/update/10.3-test/repodata/patch-kpartx-6082.xml	af854a3a-2127-422b-91ae-364da2661108
21	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691	af854a3a-2127-422b-91ae-364da2661108
22	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705	af854a3a-2127-422b-91ae-364da2661108
23	http://launchpad.net/bugs/cve/2009-0115	af854a3a-2127-422b-91ae-364da2661108
24	http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html	af854a3a-2127-422b-91ae-364da2661108
25	http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html	af854a3a-2127-422b-91ae-364da2661108
26	http://lists.vmware.com/pipermail/security-announce/2010/000082.html	af854a3a-2127-422b-91ae-364da2661108
27	http://secunia.com/advisories/34418	af854a3a-2127-422b-91ae-364da2661108
28	http://secunia.com/advisories/34642	af854a3a-2127-422b-91ae-364da2661108
29	http://secunia.com/advisories/34694	af854a3a-2127-422b-91ae-364da2661108
30	http://secunia.com/advisories/34710	af854a3a-2127-422b-91ae-364da2661108
31	http://secunia.com/advisories/34759	af854a3a-2127-422b-91ae-364da2661108
32	http://secunia.com/advisories/38794	af854a3a-2127-422b-91ae-364da2661108
33	http://support.avaya.com/elmodocs2/security/ASA-2009-128.htm	af854a3a-2127-422b-91ae-364da2661108
34	http://www.debian.org/security/2009/dsa-1767	af854a3a-2127-422b-91ae-364da2661108
35	http://www.vupen.com/english/advisories/2010/0528	af854a3a-2127-422b-91ae-364da2661108
36	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9214	af854a3a-2127-422b-91ae-364da2661108
37	https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00231.html	af854a3a-2127-422b-91ae-364da2661108
38	https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00236.html	af854a3a-2127-422b-91ae-364da2661108

共通脆弱性一覧

No	CWE	名前	URL
1	CWE-732	重要なリソースに対する不適切なパーミッションの割り当て	https://cwe.mitre.org/data/definitions/732.html

構成1	以上	以下	より上	未満
cpe:2.3:a:christophe.varoqui:multipath-tools:0.4.8:::::::*
cpe:2.3:o:fedoraproject:fedora:9:::::::*
cpe:2.3:o:fedoraproject:fedora:10:::::::*
cpe:2.3:o:debian:debian_linux:4.0:::::::*
cpe:2.3:o:debian:debian_linux:5.0:::::::*
cpe:2.3:a:avaya:intuity_audix_lx:2.0:-::::::
cpe:2.3:a:avaya:intuity_audix_lx:2.0:sp1::::::
cpe:2.3:a:avaya:intuity_audix_lx:2.0:sp2::::::
cpe:2.3:a:avaya:message_networking:3.1:::::::*
cpe:2.3:a:avaya:messaging_storage_server:3.0:::::::*
cpe:2.3:a:avaya:messaging_storage_server:4.0:::::::*
cpe:2.3:a:avaya:messaging_storage_server:5.0:::::::*
cpe:2.3:o:novell:open_enterprise_server:-:::::::*
cpe:2.3:o:opensuse:opensuse::::::::	10.3	11.0
cpe:2.3:o:suse:linux_enterprise_desktop:9:::::::*
cpe:2.3:o:suse:linux_enterprise_server:9:::::::*
cpe:2.3:o:suse:linux_enterprise_server:10:-::::::
cpe:2.3:a:juniper:ctpview::::::::				7.1
cpe:2.3:a:juniper:ctpview:7.1:-::::::