Debian: DSA-1767-1: New multipath-tools packages fix denial of service

    Date: 09 Apr 2009
    Category: Debian
    Posted By: LinuxSecurity Advisories
    It was discovered that multipathd of multipath-tools, a tool-chain to manage disk multipath device maps, uses insecure permissions on its unix domain control socket which enables local attackers to issue commands to multipathd
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA-1767-1
    http://www.debian.org/security/                                 Nico Golde
    April 9th, 2009                         http://www.debian.org/security/faq
    - --------------------------------------------------------------------------
    
    Package        : multipath-tools
    Vulnerability  : insecure file permissions
    Problem type   : local
    Debian-specific: no
    CVE ID         : CVE-2009-0115
    Debian Bug     : 522813
    
    
    It was discovered that multipathd of multipath-tools, a tool-chain to manage
    disk multipath device maps, uses insecure permissions on its unix domain
    control socket, which enables local attackers to issue commands to multipathd
    that prevent access to storage devices or corrupt file system data.
    
    
    For the oldstable distribution (etch), this problem has been fixed in
    version 0.4.7-1.1etch2.
    
    For the stable distribution (lenny), this problem has been fixed in
    version 0.4.8-14+lenny1.
    
    For the testing distribution (squeeze), this problem will be fixed soon.
    
    For the unstable distribution (sid), this problem has been fixed in
    version 0.4.8-15.
    
    
    We recommend that you upgrade your multipath-tools packages.
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 4.0 alias etch
    - -------------------------------
    
    Debian (oldstable)
    - ------------------
    
    Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
    
    
    Debian GNU/Linux 5.0 alias lenny
    - --------------------------------
    
    Debian (stable)
    - ---------------
    
    Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
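
The class of flaw the advisory describes, insecure permissions on a daemon's unix domain control socket, shown as an added example; this is not code from multipath-tools or from the advisory. The function names, the umask values and the demo usage are assumptions chosen for illustration.

```c
#define _DEFAULT_SOURCE
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>

/* Hypothetical helper, not multipath-tools code. Linux creates the socket
 * file with mode 0777 & ~umask and connect() needs write permission on it,
 * so `mask` decides which local users can reach the daemon.
 * Returns the listening fd, or -1 on error. */
int bind_control_socket(const char *path, mode_t mask)
{
    struct sockaddr_un addr;
    mode_t old;
    int fd, rc;

    if (strlen(path) >= sizeof(addr.sun_path))
        return -1;
    memset(&addr, 0, sizeof(addr));
    addr.sun_family = AF_UNIX;
    strcpy(addr.sun_path, path);
    if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0)
        return -1;
    unlink(path);                      /* clear a stale socket file */
    old = umask(mask);
    rc = bind(fd, (struct sockaddr *)&addr, sizeof(addr));
    umask(old);                        /* restore the caller's umask */
    if (rc < 0 || listen(fd, 4) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Audit check: 1 if group or other may write to (and so connect to) the
 * socket at `path`, 0 if it is owner-only, -1 if it is missing or not a
 * socket. lstat() is used so a symlink at `path` is not followed. */
int socket_open_to_others(const char *path)
{
    struct stat st;

    if (lstat(path, &st) < 0 || !S_ISSOCK(st.st_mode))
        return -1;
    return (st.st_mode & (S_IWGRP | S_IWOTH)) ? 1 : 0;
}
```

Binding under umask 000 leaves the socket connectable by every local user, while umask 077 restricts it to the owner; the audit function can be pointed at any daemon's control socket path to tell the two apart.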
    