CVE-2009-0115 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0115): multipath-tools in SUSE openSUSE 10.3 through 11.0 and SUSE Linux Enterprise Server (SLES) 10 uses world-writable permissions for the socket file (aka /var/run/multipathd.sock), which allows local users to send arbitrary commands to the multipath daemon.
patch: http://git.kernel.org/gitweb.cgi?p=linux/storage/multipath-tools/.git;a=commit;h=0a0319d381249760c71023edbe0ac9c093bb4a74
base-system, ping
In 0.4.8-r1 (1.2) now, cleared for stable request (has some other fixes in it too).
Arches, please test and mark stable: =sys-fs/multipath-tools-0.4.8-r1 Target keywords : "amd64 ppc ppc64 x86"
ppc64 done
x86 stable
amd64 stable
Marked ppc stable.
GLSA vote: yes.
+1 vote as the maintainer. Anybody writing to the socket locally can cause SAN disks to go offline, potentially causing an entire OCFS2 cluster to fence/panic.
I've confirmed this problem exists in my production cluster. chmod o-rwx /var/run/multipath.sock works around it at runtime. But it's less then ideal. Please fire off a GLSA for this to raise awareness.
GLSA request filed.
GLSA 201006-10