Weekly Vulnerabilities Reports > March 30 to April 5, 2009

Overview

2 new vulnerabilities reported during this period, including 0 critical vulnerabilities and 1 high severity vulnerabilities. This weekly summary report vulnerabilities in 12 products from 8 vendors including Debian, Fedoraproject, Opensuse, Suse, and Avaya. Vulnerabilities are notably categorized as and "Incorrect Permission Assignment for Critical Resource".

Debian has the most reported vulnerabilities, with 2 reported vulnerabilities.

TOTAL
VULNERABILITIES

CRITICAL RISK
VULNERABILITIES

HIGH RISK
VULNERABILITIES

MEDIUM RISK
VULNERABILITIES

LOW RISK
VULNERABILITIES

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

0 Critical Vulnerabilities

DATE	CVE	VENDOR	VULNERABILITY	CVSS

Expand/Hide

1 High Vulnerabilities

DATE	CVE	VENDOR	VULNERABILITY	CVSS
2009-03-30	CVE-2009-0115	Christophe Varoqui Fedoraproject Debian Avaya Suse Opensuse Novell Juniper	Incorrect Permission Assignment for Critical Resource vulnerability in multiple products The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka /var/run/multipathd.sock), which allows local users to send arbitrary commands to the multipath daemon.	7.8

Expand/Hide

1 Medium Vulnerabilities

DATE	CVE	VENDOR	VULNERABILITY	CVSS
2009-03-31	CVE-2009-1073	Debian	Incorrect Permission Assignment for Critical Resource vulnerability in Debian Linux and Nss-Ldap nss-ldapd before 0.6.8 uses world-readable permissions for the /etc/nss-ldapd.conf file, which allows local users to obtain a cleartext password for the LDAP server by reading the bindpw field.	5.5

Expand/Hide

0 Low Vulnerabilities

DATE	CVE	VENDOR	VULNERABILITY	CVSS