Vulnerabilities > CVE-2009-0115 - Incorrect Permission Assignment for Critical Resource vulnerability in multiple products

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#

include("compat.inc");

if (description)
{
  script_id(60562);
  script_version("1.5");
  script_cvs_date("Date: 2019/10/25 13:36:18");

  script_cve_id("CVE-2009-0115");

  script_name(english:"Scientific Linux Security Update : device-mapper-multipath on SL4.x, SL5.x i386/x86_64");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Scientific Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"It was discovered that the multipathd daemon set incorrect permissions
on the socket used to communicate with command line clients. An
unprivileged, local user could use this flaw to send commands to
multipathd, resulting in access disruptions to storage devices
accessible via multiple paths and, possibly, file system corruption on
these devices. (CVE-2009-0115)

The multipathd service must be restarted for the changes to take
effect.

Important: the version of the multipathd daemon in Scientific Linux 5
has a known issue which may cause a machine to become unresponsive
when the multipathd service is stopped. Until this issue is resolved,
we recommend restarting the multipathd service by issuing the
following commands in sequence :

# killall -KILL multipathd

# service multipathd restart"
  );
  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0904&L=scientific-linux-errata&T=0&P=922
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?e9819755"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected device-mapper-multipath and / or kpartx packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_cwe_id(264);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2009/04/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Scientific Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);


flag = 0;
if (rpm_check(release:"SL4", reference:"device-mapper-multipath-0.4.5-31.el4_7.1")) flag++;

if (rpm_check(release:"SL5", reference:"device-mapper-multipath-0.4.7-23.el5_3.2")) flag++;
if (rpm_check(release:"SL5", reference:"kpartx-0.4.7-23.el5_3.2")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");