----------------------------------------------------------------------

Secunia is pleased to announce the release of the annual Secunia
report for 2008.

Highlights from the 2008 report:
 * Vulnerability Research
 * Software Inspection Results
 * Secunia Research Highlights
 * Secunia Advisory Statistics

Request the full 2008 Report here:
http://secunia.com/advisories/try_vi/request_2008_report/

Stay Secure,

Secunia


----------------------------------------------------------------------

TITLE:
Debian update for multipath-tools

SECUNIA ADVISORY ID:
SA34694

VERIFY ADVISORY:
http://secunia.com/advisories/34694/

DESCRIPTION:
Debian has issues an update for device-mapper-multipath. This fixes a
security issue, which can be exploited by malicious, local users to
bypass certain security restrictions.

The security issue is caused due to multipathd creating a
world-writable socket, which can be exploited to e.g. send arbitrary
commands to the multipath daemon.

SOLUTION:
Apply updated packages.

-- Debian GNU/Linux 4.0 alias etch --

Source archives:

http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.7-1.1etch2.dsc
Size/MD5 checksum: 794 96af45800ec71a9fcf8f811416ff90e7
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.7.orig.tar.gz
Size/MD5 checksum: 179914 b14f35444f6fee34b6be49a79ebe9439
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.7-1.1etch2.diff.gz
Size/MD5 checksum: 25941 971e214f6a43d817da8da4dcc3763443

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.7-1.1etch2_alpha.deb
Size/MD5 checksum: 189648 b656f97eb5932ef8a5c7da0f82a84137

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.7-1.1etch2_amd64.deb
Size/MD5 checksum: 176688 a51f613920761e339ed609d5894ce7eb

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.7-1.1etch2_hppa.deb
Size/MD5 checksum: 173368 2e4e0cd06f1da7b52763595e61ba500d

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.7-1.1etch2_i386.deb
Size/MD5 checksum: 150996 48c1d3875c6d379fc0a62e8c1e28666f

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.7-1.1etch2_mips.deb
Size/MD5 checksum: 178114 3fbf325989232f9d696a3bcfbfdf89d1

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.7-1.1etch2_mipsel.deb
Size/MD5 checksum: 176212 d72b286ae168caa5947cab12db6e8e2b

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.7-1.1etch2_powerpc.deb
Size/MD5 checksum: 161776 923e02c8131bbfd298bd2958637fc90b

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.7-1.1etch2_s390.deb
Size/MD5 checksum: 185228 b91cf8601d239237884cd0e03fa67b60

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.7-1.1etch2_sparc.deb
Size/MD5 checksum: 154464 a36b4c818a9dbe7b7c8e61722a70dee6

-- Debian GNU/Linux 5.0 alias lenny --

Source archives:

http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.8-14+lenny1.dsc
Size/MD5 checksum: 1375 04c428b50412dcfe7cefecce779bdd82
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.8-14+lenny1.diff.gz
Size/MD5 checksum: 22746 ec09a8b773c890812f68c431024b89b2
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.8.orig.tar.gz
Size/MD5 checksum: 202446 bf67b278e4b23da0c8ad21a278c04cb3

Architecture independent packages:

http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools-boot_0.4.8-14+lenny1_all.deb
Size/MD5 checksum: 10886 3d518147b5389246bb18904f9f77bc83

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-udeb_0.4.8-14+lenny1_alpha.udeb
Size/MD5 checksum: 106966 87e769e197696dcd6f0525be77ec0546
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.8-14+lenny1_alpha.deb
Size/MD5 checksum: 204740 95063bb64a1bba317baecbb5b1bdccbb
http://security.debian.org/pool/updates/main/m/multipath-tools/kpartx_0.4.8-14+lenny1_alpha.deb
Size/MD5 checksum: 27756 470a9055c75c2676795ed1817da24c18

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-udeb_0.4.8-14+lenny1_amd64.udeb
Size/MD5 checksum: 99386 501ea5e8fcff7e02fbb77b341ecef38c
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.8-14+lenny1_amd64.deb
Size/MD5 checksum: 192420 fb9bc700300370ec53cdf66bf39afcd5
http://security.debian.org/pool/updates/main/m/multipath-tools/kpartx_0.4.8-14+lenny1_amd64.deb
Size/MD5 checksum: 25990 f94b58b8cec5665893ad6fc7e8d747d9

arm architecture (ARM)

http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-udeb_0.4.8-14+lenny1_arm.udeb
Size/MD5 checksum: 93068 6a35c0bd3eb8d08fa7613f7eb002297f
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.8-14+lenny1_arm.deb
Size/MD5 checksum: 175800 e25edcbde0e9513b82fb59b19357a417
http://security.debian.org/pool/updates/main/m/multipath-tools/kpartx_0.4.8-14+lenny1_arm.deb
Size/MD5 checksum: 27610 a62cafb90a1dd13465389a47585362d4

armel architecture (ARM EABI)

http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-udeb_0.4.8-14+lenny1_armel.udeb
Size/MD5 checksum: 95358 a0079598fe094908574e9f15dddfb565
http://security.debian.org/pool/updates/main/m/multipath-tools/kpartx_0.4.8-14+lenny1_armel.deb
Size/MD5 checksum: 27852 80241b8329e8e31767d67ff31690bec9
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.8-14+lenny1_armel.deb
Size/MD5 checksum: 179324 1af92c3f6959f119aaf56af499a073fb

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-udeb_0.4.8-14+lenny1_hppa.udeb
Size/MD5 checksum: 100920 6dd4cfb7b8a1b1957f240b1ee922670e
http://security.debian.org/pool/updates/main/m/multipath-tools/kpartx_0.4.8-14+lenny1_hppa.deb
Size/MD5 checksum: 29154 d4de676222f65ef4467e802441253be4
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.8-14+lenny1_hppa.deb
Size/MD5 checksum: 185866 3e7f0749e06a1561c8d9dd21d3cfbc02

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-udeb_0.4.8-14+lenny1_i386.udeb
Size/MD5 checksum: 85600 77e950f2b8ec5f16dd4f61e340073b8e
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.8-14+lenny1_i386.deb
Size/MD5 checksum: 165474 5f23b56e95e99c389f645b1f7ec53165
http://security.debian.org/pool/updates/main/m/multipath-tools/kpartx_0.4.8-14+lenny1_i386.deb
Size/MD5 checksum: 25336 f9e242279e7c12ea3451f90e8fcf0560

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/m/multipath-tools/kpartx_0.4.8-14+lenny1_ia64.deb
Size/MD5 checksum: 35282 1cc4f5782ed0349da2b1a251ac3a2259
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.8-14+lenny1_ia64.deb
Size/MD5 checksum: 279626 9c86861235fa835825466bc1bed9a93e
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-udeb_0.4.8-14+lenny1_ia64.udeb
Size/MD5 checksum: 150898 eb2a2c1d0a85c3390a894667009737dd

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-udeb_0.4.8-14+lenny1_mips.udeb
Size/MD5 checksum: 98504 9d0bae38732fe6e4063a661ac4c852a0
http://security.debian.org/pool/updates/main/m/multipath-tools/kpartx_0.4.8-14+lenny1_mips.deb
Size/MD5 checksum: 28620 5118f8dda0daf98bdebd3ceae46f1842
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.8-14+lenny1_mips.deb
Size/MD5 checksum: 185960 b37960b2d780d87b6b9529d4d4f54b13

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.8-14+lenny1_mipsel.deb
Size/MD5 checksum: 184122 6469d393d9cc31189721350ea83156ea
http://security.debian.org/pool/updates/main/m/multipath-tools/kpartx_0.4.8-14+lenny1_mipsel.deb
Size/MD5 checksum: 28040 117a10472b5e80e6caf2c21ca33badec
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-udeb_0.4.8-14+lenny1_mipsel.udeb
Size/MD5 checksum: 96510 8b4e0ce2f511554d4e675119ec949c64

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.8-14+lenny1_powerpc.deb
Size/MD5 checksum: 182596 c06e48ff7f1667d250ba3ebf96139b17
http://security.debian.org/pool/updates/main/m/multipath-tools/kpartx_0.4.8-14+lenny1_powerpc.deb
Size/MD5 checksum: 29824 6a02f47ebab83955f5ad7e368bb05a7b
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-udeb_0.4.8-14+lenny1_powerpc.udeb
Size/MD5 checksum: 98676 cab3a7acabbf1538a4b028cf3f6b3ea4

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.8-14+lenny1_s390.deb
Size/MD5 checksum: 199430 43386b3e236b1a5bc1f776f861777fee
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-udeb_0.4.8-14+lenny1_s390.udeb
Size/MD5 checksum: 106330 deb5ad4134ce0f51d634d7d93114b2df
http://security.debian.org/pool/updates/main/m/multipath-tools/kpartx_0.4.8-14+lenny1_s390.deb
Size/MD5 checksum: 30240 14cc5d88fa49e31d373c94c901c4ccdb

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-udeb_0.4.8-14+lenny1_sparc.udeb
Size/MD5 checksum: 90714 c83bb4b5d80c763e17b16da65e6b7d15
http://security.debian.org/pool/updates/main/m/multipath-tools/kpartx_0.4.8-14+lenny1_sparc.deb
Size/MD5 checksum: 26980 2a8721fb9a9c38a6a147bbeade3d8cc1
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.8-14+lenny1_sparc.deb
Size/MD5 checksum: 171574 94ba2d8590bc4775f578d3997e08d9d8

-- Debian GNU/Linux unstable alias sid --

Fixed in version 0.4.8-15.

ORIGINAL ADVISORY:
DSA-1767-1:
http://lists.debian.org/debian-security-announce/2009/msg00077.html

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

----------------------------------------------------------------------