CVE-2022-41973

Description from NVD

multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which could lead to controlled file writes outside of the /dev/shm directory. This could be used indirectly for local privilege escalation to root.

Information Acquisition Date:2022-11-01T06:45Z
CVSS 2.0: 0.0 None CVSS 3.x: 7.8 HIGH

▼ CVSS3 Vec CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

NVD References

 https://github.com/opensvc/multipath-tools/releases/tag/0.9.2
     source:MISC
     tags:Release Notes    Third Party Advisory    
 http://www.openwall.com/lists/oss-security/2022/10/24/2
     source:MISC
     tags:Exploit    Mailing List    Third Party Advisory    
 https://bugzilla.suse.com/show_bug.cgi?id=1202739
     source:MISC
     tags:Issue Tracking    Third Party Advisory    
 20221030 Authorization bypass and symlink attack in multipathd (CVE-2022-41974 and CVE-2022-41973)
     source:FULLDISC
     tags:Exploit    Mailing List    Third Party Advisory    
 http://packetstormsecurity.com/files/169611/Leeloo-Multipath-Authorization-Bypass-Symlink-Attack.html
     source:MISC
     tags:Exploit    Mailing List    Third Party Advisory    

Refer to Information on External Sites

CVE InfomationExploits or more Infomation
mitreEXPLOIT DATABASE
NVD0day.today
vulmon.comgithub
CVE DetailsTwitter
JVN ENG JPN
Reconshell

Software Tag: Linux(4 tweets) Unix(5 tweets) Wordpress(1 tweets) iOS(1 tweets)



List of frequently cited URLs

URLNum of Times Referred to
https://cvetrends.com50
https://security.sios.com/vulnerability/multipath-security-...3
https://securityaffairs.co/wordpress/139209/hacking/three-l...3

▼ Show Information from Twitter(21)


List of frequently cited URLs

URLNum of Times Referred to
cvetrends.com50
security.sios.com3
securityaffairs.co3

▼ Show Information from Twitter(21)


GitHub Search Results: Up to 10
NameURL
No Data

GitHub Search Results: Up to 10
NameURL
No Data

2022/12/29 Score : 0
Added Har-sia Database : 2022/10/25
Last Modified : 2022/12/29
Highest Scored Date : 2022/10/30
Highest Score : 23