Security
Security
multipath-tools does not set correct permissions on the socket file, making it possible to send arbitrary commands to the multipath daemon for local users.
| Package | sys-fs/multipath-tools on all architectures |
|---|---|
| Affected versions | < 0.4.8-r1 |
| Unaffected versions | >= 0.4.8-r1 |
multipath-tools are used to drive the Device Mapper multipathing driver.
multipath-tools uses world-writable permissions for the socket file (/var/run/multipathd.sock).
Local users could send arbitrary commands to the multipath daemon, causing cluster failures and data loss.
chmod o-rwx /var/run/multipath.sock
All multipath-tools users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=sys-fs/multipath-tools-0.4.8-r1"
NOTE: This is a legacy GLSA. Updates for all affected architectures are available since November 13, 2009. It is likely that your system is already no longer affected by this issue.
Release date
June 01, 2010
Latest revision
June 01, 2010: 01
Severity
normal
Exploitable
local
Bugzilla entries