device-mapper-multipath-0.4.7-23.2.1AXS3
エラータID: AXSA:2009-47:01
リリース日:
2009/04/30 Thursday - 13:37
題名:
device-mapper-multipath-0.4.7-23.2.1AXS3
影響のあるチャネル:
Asianux Server 3 for x86
Asianux Server 3 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- multipath-toolsには、ソケットファイルのパーミッションの設定が適切で
はない問題があり、ローカルのユーザが任意のコマンドを multipath デーモン
に送ることができる脆弱性があります。(CVE-2009-0115)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2009-0115
The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka /var/run/multipathd.sock), which allows local users to send arbitrary commands to the multipath daemon.
The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka /var/run/multipathd.sock), which allows local users to send arbitrary commands to the multipath daemon.
追加情報:
N/A
ダウンロード:
SRPMS
- device-mapper-multipath-0.4.7-23.2.1AXS3.src.rpm
MD5: a4c071795e4bc4641d3f089eea1bcb4a
SHA-256: 99215be521c2569553ec74696a342ae4681cb10520b3733b8ea2bef66cdd5b75
Size: 223.75 kB
Asianux Server 3 for x86
- device-mapper-multipath-0.4.7-23.2.1AXS3.i386.rpm
MD5: a9992e1ba1dadb70f42951fad8b22f16
SHA-256: 84ee5fa154d66a53f18100fdd4defc6f05b38ba95a3372ac9ce50c17ffe9f5d1
Size: 2.25 MB - kpartx-0.4.7-23.2.1AXS3.i386.rpm
MD5: 20ed73f9a69f82347c10790a82c0cbce
SHA-256: 53fba441e96b123bd4927e9b6d52787d6efd540c307294a9215d6a1292c25677
Size: 404.58 kB
Asianux Server 3 for x86_64
- device-mapper-multipath-0.4.7-23.2.1AXS3.x86_64.rpm
MD5: a91fee0f70193a4dafbcdec05987dee9
SHA-256: 284a6cd3bf201baf0dcf7a5455941d93bbb73cf19ddc62bd4fa0b457be32f7fb
Size: 2.39 MB - kpartx-0.4.7-23.2.1AXS3.x86_64.rpm
MD5: 72037454071de2a7bf8acc50794e0ad1
SHA-256: d434882c7960157dc9f26e5d19232d83f5b33145dc9e9881cd9e13fc191c37e6
Size: 420.73 kB