CVE-2022-41974

Name
CVE-2022-41974
Description
multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Local users able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This can lead to local privilege escalation to root. This occurs because an attacker can repeat a keyword, which is mishandled because arithmetic ADD is used instead of bitwise OR.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://github.com/opensvc/multipath-tools/releases/tag/0.9.2
MISC http://www.openwall.com/lists/oss-security/2022/10/24/2
MISC https://bugzilla.suse.com/show_bug.cgi?id=1202739
FULLDISC http://seclists.org/fulldisclosure/2022/Oct/25
MISC http://packetstormsecurity.com/files/169611/Leeloo-Multipath-Authorization-Bypass-Symlink-Attack.html
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QIGZM5NOOMFDCITOLQEJNNX5SCRQLQVV/
Third Party Advisory https://www.debian.org/security/2023/dsa-5366
Mailing List https://lists.debian.org/debian-lts-announce/2022/12/msg00037.html
Exploit http://packetstormsecurity.com/files/170176/snap-confine-must_mkdir_and_open_with_perms-Race-Condition.html
Exploit http://seclists.org/fulldisclosure/2022/Dec/4
Exploit http://www.openwall.com/lists/oss-security/2022/11/30/2
Exploit https://www.qualys.com/2022/10/24/leeloo-multipath/leeloo-multipath.txt
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QIGZM5NOOMFDCITOLQEJNNX5SCRQLQVV/

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:opensvc:multipath-tools:*:*:*:*:*:*:*:* multipath-tools >= 0.7.0 < 0.9.2

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
multipath-tools 3.16-main 0.8.9-r1 Leonardo Arena <rnalrd@alpinelinux.org> possibly vulnerable
multipath-tools 3.15-main 0.8.7-r0 Leonardo Arena <rnalrd@alpinelinux.org> possibly vulnerable
multipath-tools 3.14-main 0.8.6-r0 Leonardo Arena <rnalrd@alpinelinux.org> possibly vulnerable
multipath-tools 3.13-main 0.8.5-r0 Leonardo Arena <rnalrd@alpinelinux.org> possibly vulnerable