Vulnerabilities > Avaya > Messaging Storage Server > 3.0

DATE CVE VULNERABILITY TITLE RISK
2009-03-30 CVE-2009-0115 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka /var/run/multipathd.sock), which allows local users to send arbitrary commands to the multipath daemon.
7.8
2006-04-04 CVE-2006-1058 Use of Password Hash With Insufficient Computational Effort vulnerability in multiple products
BusyBox 1.1.1 does not use a salt when generating passwords, which makes it easier for local users to guess passwords from a stolen password file using techniques such as rainbow tables.
local
low complexity
busybox avaya CWE-916
5.5