{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-41974", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-03T12:56:39.193Z", "dateReserved": "2022-09-30T00:00:00", "datePublished": "2022-10-29T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-11-25T09:06:16.407419"}, "descriptions": [{"lang": "en", "value": "multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Local users able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This can lead to local privilege escalation to root. This occurs because an attacker can repeat a keyword, which is mishandled because arithmetic ADD is used instead of bitwise OR."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://bugzilla.suse.com/show_bug.cgi?id=1202739"}, {"url": "https://github.com/opensvc/multipath-tools/releases/tag/0.9.2"}, {"url": "http://www.openwall.com/lists/oss-security/2022/10/24/2"}, {"name": "20221030 Authorization bypass and symlink attack in multipathd (CVE-2022-41974 and CVE-2022-41973)", "tags": ["mailing-list"], "url": "http://seclists.org/fulldisclosure/2022/Oct/25"}, {"url": "http://packetstormsecurity.com/files/169611/Leeloo-Multipath-Authorization-Bypass-Symlink-Attack.html"}, {"name": "FEDORA-2022-6ec78b2586", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QIGZM5NOOMFDCITOLQEJNNX5SCRQLQVV/"}, {"url": "https://www.qualys.com/2022/10/24/leeloo-multipath/leeloo-multipath.txt"}, {"name": "[oss-security] 20221130 Race condition in snap-confine's must_mkdir_and_open_with_perms() (CVE-2022-3328)", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2022/11/30/2"}, {"name": "20221208 Race condition in snap-confine's must_mkdir_and_open_with_perms() (CVE-2022-3328)", "tags": ["mailing-list"], "url": "http://seclists.org/fulldisclosure/2022/Dec/4"}, {"url": "http://packetstormsecurity.com/files/170176/snap-confine-must_mkdir_and_open_with_perms-Race-Condition.html"}, {"name": "[debian-lts-announce] 20221229 [SECURITY] [DLA 3250-1] multipath-tools security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00037.html"}, {"name": "DSA-5366", "tags": ["vendor-advisory"], "url": "https://www.debian.org/security/2023/dsa-5366"}, {"name": "GLSA-202311-06", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202311-06"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T12:56:39.193Z"}, "title": "CVE Program Container", "references": [{"url": "https://bugzilla.suse.com/show_bug.cgi?id=1202739", "tags": ["x_transferred"]}, {"url": "https://github.com/opensvc/multipath-tools/releases/tag/0.9.2", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/10/24/2", "tags": ["x_transferred"]}, {"name": "20221030 Authorization bypass and symlink attack in multipathd (CVE-2022-41974 and CVE-2022-41973)", "tags": ["mailing-list", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2022/Oct/25"}, {"url": "http://packetstormsecurity.com/files/169611/Leeloo-Multipath-Authorization-Bypass-Symlink-Attack.html", "tags": ["x_transferred"]}, {"name": "FEDORA-2022-6ec78b2586", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QIGZM5NOOMFDCITOLQEJNNX5SCRQLQVV/"}, {"url": "https://www.qualys.com/2022/10/24/leeloo-multipath/leeloo-multipath.txt", "tags": ["x_transferred"]}, {"name": "[oss-security] 20221130 Race condition in snap-confine's must_mkdir_and_open_with_perms() (CVE-2022-3328)", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2022/11/30/2"}, {"name": "20221208 Race condition in snap-confine's must_mkdir_and_open_with_perms() (CVE-2022-3328)", "tags": ["mailing-list", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2022/Dec/4"}, {"url": "http://packetstormsecurity.com/files/170176/snap-confine-must_mkdir_and_open_with_perms-Race-Condition.html", "tags": ["x_transferred"]}, {"name": "[debian-lts-announce] 20221229 [SECURITY] [DLA 3250-1] multipath-tools security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00037.html"}, {"name": "DSA-5366", "tags": ["vendor-advisory", "x_transferred"], "url": "https://www.debian.org/security/2023/dsa-5366"}, {"name": "GLSA-202311-06", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/202311-06"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:opensvc:multipath-tools:*:*:*:*:*:*:*:*", "matchCriteriaId": "4F99F4B2-6790-459F-92CB-E984BDA50825", "versionEndExcluding": "0.9.2", "versionStartIncluding": "0.7.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Local users able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This can lead to local privilege escalation to root. This occurs because an attacker can repeat a keyword, which is mishandled because arithmetic ADD is used instead of bitwise OR."}, {"lang": "es", "value": "multipath-tools 0.7.0 hasta 0.9.x anteriores a 0.9.2 permite a los usuarios locales obtener acceso de root, explotado solo o junto con CVE-2022-41973. Los usuarios locales capaces de escribir en sockets de dominio UNIX pueden eludir los controles de acceso y manipular la configuraci\u00f3n de rutas m\u00faltiples. Esto puede provocar una escalada de privilegios locales al root. Esto ocurre porque un atacante puede repetir una palabra clave, lo cual se maneja mal porque se usa ADD aritm\u00e9tica en lugar de bitwise OR."}], "id": "CVE-2022-41974", "lastModified": "2023-11-25T09:15:44.653", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-10-29T19:15:10.160", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/169611/Leeloo-Multipath-Authorization-Bypass-Symlink-Attack.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/170176/snap-confine-must_mkdir_and_open_with_perms-Race-Condition.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2022/Dec/4"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2022/Oct/25"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/10/24/2"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/11/30/2"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1202739"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/opensvc/multipath-tools/releases/tag/0.9.2"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00037.html"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QIGZM5NOOMFDCITOLQEJNNX5SCRQLQVV/"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/202311-06"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2023/dsa-5366"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.qualys.com/2022/10/24/leeloo-multipath/leeloo-multipath.txt"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2022:7186", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "device-mapper-multipath-0:0.4.9-136.el7_9", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2022-10-25T00:00:00Z"}, {"advisory": "RHSA-2022:7192", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "device-mapper-multipath-0:0.8.4-22.el8_6.2", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-10-25T00:00:00Z"}, {"advisory": "RHSA-2022:7187", "cpe": "cpe:/o:redhat:rhel_e4s:8.1", "package": "device-mapper-multipath-0:0.8.0-5.el8_1.1", "product_name": "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions", "release_date": "2022-10-25T00:00:00Z"}, {"advisory": "RHSA-2022:7188", "cpe": "cpe:/o:redhat:rhel_eus:8.2", "package": "device-mapper-multipath-0:0.8.3-3.el8_2.7", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2022-10-25T00:00:00Z"}, {"advisory": "RHSA-2022:7191", "cpe": "cpe:/o:redhat:rhel_eus:8.4", "package": "device-mapper-multipath-0:0.8.4-10.el8_4.4", "product_name": "Red Hat Enterprise Linux 8.4 Extended Update Support", "release_date": "2022-10-27T00:00:00Z"}, {"advisory": "RHSA-2022:7185", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "device-mapper-multipath-0:0.8.7-7.el9_0.1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2022-10-25T00:00:00Z"}, {"advisory": "RHSA-2022:8598", "cpe": "cpe:/o:redhat:rhev_hypervisor:4.4::el8", "package": "redhat-virtualization-host-0:4.5.3-202211170828_8.6", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8", "release_date": "2022-11-22T00:00:00Z"}], "bugzilla": {"description": "device-mapper-multipath: Authorization bypass, multipathd daemon listens for client connections on an abstract Unix socket", "id": "2133988", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2133988"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-285", "details": ["multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Local users able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This can lead to local privilege escalation to root. This occurs because an attacker can repeat a keyword, which is mishandled because arithmetic ADD is used instead of bitwise OR.", "A vulnerability was found in the device-mapper-multipath. The device-mapper-multipath allows local users to obtain root access, exploited alone or in conjunction with CVE-2022-41973. Local users that are able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This issue occurs because an attacker can repeat a keyword, which is mishandled when arithmetic ADD is used instead of bitwise OR. This could lead to local privilege escalation to root."], "name": "CVE-2022-41974", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "device-mapper-multipath", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2022-10-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-41974\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-41974\nhttps://www.qualys.com/2022/10/24/leeloo-multipath/leeloo-multipath.txt"], "threat_severity": "Important"}