Scientific Linux Security Update : device-mapper-multipath on SL4.x, SL5.x i386/x86_64

This script is Copyright (C) 2012 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing one or more security
updates.

Description :

It was discovered that the multipathd daemon set incorrect permissions
on the socket used to communicate with command line clients. An
unprivileged, local user could use this flaw to send commands to
multipathd, resulting in access disruptions to storage devices
accessible via multiple paths and, possibly, file system corruption on
these devices. (CVE-2009-0115)

The multipathd service must be restarted for the changes to take
effect.

Important: the version of the multipathd daemon in Scientific Linux 5
has a known issue which may cause a machine to become unresponsive
when the multipathd service is stopped. Until this issue is resolved,
we recommend restarting the multipathd service by issuing the
following commands in sequence :

# killall -KILL multipathd

# service multipathd restart

See also :

http://www.nessus.org/u?b676e275

Solution :

Update the affected device-mapper-multipath and/or kpartx packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 60562

Bugtraq ID:

CVE ID: CVE-2009-0115