CVE-2022-41974

Vulnerability Description

multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Local users able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This can lead to local privilege escalation to root. This occurs because an attacker can repeat a keyword, which is mishandled because arithmetic ADD is used instead of bitwise OR.

CVSS Score

Affected Products

Related Weaknesses (CWE)

References

• http://packetstormsecurity.com/files/169611/Leeloo-Multipath-Authorization-BypasExploitMailing ListThird Party Advisory
• http://packetstormsecurity.com/files/170176/snap-confine-must_mkdir_and_open_witExploitThird Party AdvisoryVDB Entry
• http://seclists.org/fulldisclosure/2022/Dec/4ExploitMailing ListThird Party Advisory
• http://seclists.org/fulldisclosure/2022/Oct/25ExploitMailing ListThird Party Advisory
• http://www.openwall.com/lists/oss-security/2022/10/24/2ExploitMailing ListThird Party Advisory
• http://www.openwall.com/lists/oss-security/2022/11/30/2ExploitMailing ListThird Party Advisory
• https://bugzilla.suse.com/show_bug.cgi?id=1202739Issue TrackingThird Party Advisory
• https://github.com/opensvc/multipath-tools/releases/tag/0.9.2Release NotesThird Party Advisory
• https://lists.debian.org/debian-lts-announce/2022/12/msg00037.htmlMailing ListThird Party Advisory
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
• https://security.gentoo.org/glsa/202311-06
• https://www.debian.org/security/2023/dsa-5366Third Party Advisory
• https://www.qualys.com/2022/10/24/leeloo-multipath/leeloo-multipath.txtExploitThird Party Advisory
• http://packetstormsecurity.com/files/169611/Leeloo-Multipath-Authorization-BypasExploitMailing ListThird Party Advisory
• http://packetstormsecurity.com/files/170176/snap-confine-must_mkdir_and_open_witExploitThird Party AdvisoryVDB Entry