Bug 493330 (CVE-2009-0115)
| Summary: | CVE-2009-0115 device-mapper-multipath: insecure permissions on multipathd.sock | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Tomas Hoger <thoger> | ||||
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> | ||||
| Status: | CLOSED ERRATA | QA Contact: | |||||
| Severity: | medium | Docs Contact: | |||||
| Priority: | medium | ||||||
| Version: | unspecified | CC: | agk, bmarzins, bmr, christophe.varoqui, dwysocha, egoggin, heinzm, iannis, junichi.nomura, kreilly, kueda, lmb, lvm-team, mbroz, msnitzer, ovirt-maint, prockai, tranlan, vdanen | ||||
| Target Milestone: | --- | Keywords: | Security | ||||
| Target Release: | --- | ||||||
| Hardware: | All | ||||||
| OS: | Linux | ||||||
| URL: | http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0115 | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2010-05-04 17:06:52 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Bug Depends On: | 493399, 493400, 493401, 493402 | ||||||
| Bug Blocks: | |||||||
| Attachments: |
|
||||||
|
Description
Tomas Hoger
2009-04-01 13:32:05 UTC
Affected component in Red Hat Enterprise Linux / Fedora is device-mapper-multipath, with both EL4 and EL5 seem to be affected by this flaw. Created attachment 337521 [details] Patch extracted from SuSE SRPM Source: http://download.opensuse.org/pub/opensuse/update/10.3/rpm/src/multipath-tools-0.4.7-80.2.src.rpm The patch does not yet seem to be applied in the upstream git: http://git.kernel.org/gitweb.cgi?p=linux/storage/multipath-tools/.git;a=tree;f=multipathd This issue has been addressed in following products: Red Hat Enterprise Linux 4 Red Hat Enterprise Linux 5 Via RHSA-2009:0411 https://rhn.redhat.com/errata/RHSA-2009-0411.html device-mapper-multipath-0.4.7-17.fc9 has been submitted as an update for Fedora 9. http://admin.fedoraproject.org/updates/device-mapper-multipath-0.4.7-17.fc9 device-mapper-multipath-0.4.8-9.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/device-mapper-multipath-0.4.8-9.fc10 device-mapper-multipath-0.4.8-9.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report. device-mapper-multipath-0.4.7-17.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report. |