CVE-2010-2526

MEDIUM
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The cluster logical volume manager daemon (clvmd) in lvm2-cluster in LVM2 before 2.02.72, as used in Red Hat Global File System (GFS) and other products, does not verify client credentials upon a socket connection, which allows local users to cause a denial of service (daemon exit or logical-volume change) or possibly have unspecified other impact via crafted control commands.

References

http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html

http://secunia.com/advisories/40759

http://securitytracker.com/id?1024258

http://www.osvdb.org/66753

http://www.ubuntu.com/usn/USN-1001-1

http://www.vupen.com/english/advisories/2010/1944

https://bugzilla.redhat.com/show_bug.cgi?id=614248

https://exchange.xforce.ibmcloud.com/vulnerabilities/60809

https://rhn.redhat.com/errata/RHSA-2010-0567.html

https://rhn.redhat.com/errata/RHSA-2010-0568.html

https://www.redhat.com/archives/linux-lvm/2010-July/msg00083.html

Details

Source: MITRE

Published: 2010-08-05

Updated: 2017-08-17

Type: CWE-287

Risk Information

CVSS v2

Base Score: 4.6

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 3.9

Severity: MEDIUM

Vulnerable Software

Configuration 1

AND

OR

cpe:2.3:a:heinz_mauelshagen:lvm2:2.02.50:*:*:*:*:*:*:*

cpe:2.3:a:heinz_mauelshagen:lvm2:2.02.51:*:*:*:*:*:*:*

cpe:2.3:a:heinz_mauelshagen:lvm2:2.02.52:*:*:*:*:*:*:*

cpe:2.3:a:heinz_mauelshagen:lvm2:2.02.53:*:*:*:*:*:*:*

cpe:2.3:a:heinz_mauelshagen:lvm2:2.02.54:*:*:*:*:*:*:*

cpe:2.3:a:heinz_mauelshagen:lvm2:2.02.55:*:*:*:*:*:*:*

cpe:2.3:a:heinz_mauelshagen:lvm2:2.02.56:*:*:*:*:*:*:*

cpe:2.3:a:heinz_mauelshagen:lvm2:2.02.57:*:*:*:*:*:*:*

cpe:2.3:a:heinz_mauelshagen:lvm2:2.02.58:*:*:*:*:*:*:*

cpe:2.3:a:heinz_mauelshagen:lvm2:2.02.59:*:*:*:*:*:*:*

cpe:2.3:a:heinz_mauelshagen:lvm2:2.02.60:*:*:*:*:*:*:*

cpe:2.3:a:heinz_mauelshagen:lvm2:2.02.61:*:*:*:*:*:*:*

cpe:2.3:a:heinz_mauelshagen:lvm2:2.02.62:*:*:*:*:*:*:*

cpe:2.3:a:heinz_mauelshagen:lvm2:2.02.63:*:*:*:*:*:*:*

cpe:2.3:a:heinz_mauelshagen:lvm2:2.02.64:*:*:*:*:*:*:*

cpe:2.3:a:heinz_mauelshagen:lvm2:2.02.65:*:*:*:*:*:*:*

cpe:2.3:a:heinz_mauelshagen:lvm2:2.02.66:*:*:*:*:*:*:*

cpe:2.3:a:heinz_mauelshagen:lvm2:2.02.67:*:*:*:*:*:*:*

cpe:2.3:a:heinz_mauelshagen:lvm2:2.02.68:*:*:*:*:*:*:*

cpe:2.3:a:heinz_mauelshagen:lvm2:2.02.69:*:*:*:*:*:*:*

cpe:2.3:a:heinz_mauelshagen:lvm2:2.02.70:*:*:*:*:*:*:*

cpe:2.3:a:heinz_mauelshagen:lvm2:*:*:*:*:*:*:*:*

OR

cpe:2.3:a:redhat:cluster_suite:*:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:3.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:4.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:5:*:advanced_platform:*:*:*:*:*

Tenable Plugins

View all (14 total)

IDNameProductFamilySeverity
79962GLSA-201412-09 : Multiple packages, Multiple vulnerabilities fixed in 2011NessusGentoo Local Security Checks
critical
68073Oracle Linux 5 : lvm2-cluster (ELSA-2010-0567)NessusOracle Linux Local Security Checks
medium
63941RHEL 5 : lvm2-cluster (RHSA-2010:0567)NessusRed Hat Local Security Checks
medium
60824Scientific Linux Security Update : lvm2-cluster,lvm2 for SL5NessusScientific Linux Local Security Checks
medium
51625SuSE 11.1 Security Update : LVM2 (SAT Patch Number 2982)NessusSuSE Local Security Checks
medium
50948SuSE 11 Security Update : lvm2, lvm2-clvm, lvm2-clvm-debuginfo, lvm2-clvm-debugsource, etc (SAT Patch Number 2849)NessusSuSE Local Security Checks
medium
49791Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : lvm2 vulnerability (USN-1001-1)NessusUbuntu Local Security Checks
medium
49677Fedora 12 : lvm2-2.02.72-4.fc12 (2010-12250)NessusFedora Local Security Checks
medium
49256openSUSE Security Update : lvm2 (openSUSE-SU-2010:0615-1)NessusSuSE Local Security Checks
medium
49194Fedora 13 : lvm2-2.02.73-2.fc13 / udisks-1.0.1-4.fc13 (2010-13708)NessusFedora Local Security Checks
medium
49117Mandriva Linux Security Advisory : lvm2 (MDVSA-2010:171)NessusMandriva Local Security Checks
medium
49074Fedora 14 : lvm2-2.02.73-1.fc14 (2010-13239)NessusFedora Local Security Checks
medium
48895Debian DSA-2095-1 : lvm2 - insecure communication protocolNessusDebian Local Security Checks
medium
47903CentOS 5 : lvm2-cluster (CESA-2010:0567)NessusCentOS Local Security Checks
medium