High severity7.8NVD Advisory· Published Mar 30, 2009· Updated Apr 23, 2026

CVE-2009-0115

Description

The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka /var/run/multipathd.sock), which allows local users to send arbitrary commands to the multipath daemon.

Affected products

Avaya/Intuity Audix Lx3 versions
cpe:2.3:a:avaya:intuity_audix_lx:2.0:-:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:avaya:intuity_audix_lx:2.0:-:*:*:*:*:*:*
- cpe:2.3:a:avaya:intuity_audix_lx:2.0:sp1:*:*:*:*:*:*
- cpe:2.3:a:avaya:intuity_audix_lx:2.0:sp2:*:*:*:*:*:*
Avaya/Message Networking
cpe:2.3:a:avaya:message_networking:3.1:*:*:*:*:*:*:*
Avaya/Messaging Storage Server3 versions
cpe:2.3:a:avaya:messaging_storage_server:3.0:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:avaya:messaging_storage_server:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:avaya:messaging_storage_server:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:avaya:messaging_storage_server:5.0:*:*:*:*:*:*:*
Christophe.varoqui/Multipath Tools
cpe:2.3:a:christophe.varoqui:multipath-tools:0.4.8:*:*:*:*:*:*:*
Juniper Networks/Ctpview2 versions
cpe:2.3:a:juniper:ctpview:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:juniper:ctpview:*:*:*:*:*:*:*:*range: <7.1
- cpe:2.3:a:juniper:ctpview:7.1:-:*:*:*:*:*:*
Debian/Debian Linux2 versions
cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
Fedoraproject/Fedora2 versions
cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*
Novell/Open Enterprise Server
cpe:2.3:o:novell:open_enterprise_server:-:*:*:*:*:*:*:*
OpenSUSE/openSUSE
cpe:2.3:o:opensuse:opensuse:*:*:*:*:*:*:*:*
Range: >=10.3,<=11.0
SUSE S.A./Linux Enterprise Desktop
cpe:2.3:o:suse:linux_enterprise_desktop:9:*:*:*:*:*:*:*
SUSE S.A./Linux Enterprise Server2 versions
cpe:2.3:o:suse:linux_enterprise_server:10:-:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:suse:linux_enterprise_server:10:-:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

download.opensuse.org/update/10.3-test/repodata/patch-kpartx-6082.xmlnvdBroken LinkExploit
kb.juniper.net/InfoCenter/indexnvdThird Party Advisory
kb.juniper.net/InfoCenter/indexnvdThird Party Advisory
launchpad.net/bugs/cve/2009-0115nvdThird Party Advisory
secunia.com/advisories/34418nvdBroken LinkVendor Advisory
secunia.com/advisories/34642nvdBroken LinkVendor Advisory
secunia.com/advisories/34694nvdBroken LinkVendor Advisory
secunia.com/advisories/34710nvdBroken LinkVendor Advisory
secunia.com/advisories/34759nvdBroken LinkVendor Advisory
secunia.com/advisories/38794nvdBroken LinkVendor Advisory
support.avaya.com/elmodocs2/security/ASA-2009-128.htmnvdThird Party Advisory
www.debian.org/security/2009/dsa-1767nvdThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.htmlnvdMailing List
lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.htmlnvdMailing List
lists.vmware.com/pipermail/security-announce/2010/000082.htmlnvdBroken Link
www.vupen.com/english/advisories/2010/0528nvdPermissions Required
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9214nvdBroken Link
www.redhat.com/archives/fedora-package-announce/2009-April/msg00231.htmlnvdMailing List
www.redhat.com/archives/fedora-package-announce/2009-April/msg00236.htmlnvdMailing List

News mentions

No linked articles in our index yet.

cvss	0.507
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000