GLSA-201006-10 : multipath-tools: World-writeable socket
High Nessus Plugin ID 46777
SynopsisThe remote Gentoo host is missing one or more security-related patches.
DescriptionThe remote host is affected by the vulnerability described in GLSA-201006-10 (multipath-tools: World-writeable socket)
multipath-tools uses world-writable permissions for the socket file (/var/run/multipathd.sock).
Local users could send arbitrary commands to the multipath daemon, causing cluster failures and data loss.
chmod o-rwx /var/run/multipath.sock
SolutionAll multipath-tools users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=sys-fs/multipath-tools-0.4.8-r1' NOTE: This is a legacy GLSA. Updates for all affected architectures are available since November 13, 2009. It is likely that your system is already no longer affected by this issue.