The cluster logical volume manager daemon (clvmd) in lvm2-cluster in LVM2 before 2.02.72, as used in Red Hat Global File System (GFS) and other products, does not verify client credentials upon a socket connection, which allows local users to cause a denial of service (daemon exit or logical-volume change) or possibly have unspecified other impact via crafted control commands.

The remote host is affected by the vulnerability described in GLSA-201412-09 (Multiple packages, Multiple vulnerabilities fixed in 2011)

    Vulnerabilities have been discovered in the packages listed below.
      Please review the CVE identifiers in the Reference section for details.
      FMOD Studio       PEAR Mail       LVM2       GnuCash       xine-lib       Last.fm Scrobbler       WebKitGTK+       shadow tool suite       PEAR       unixODBC       Resource Agents       mrouted       rsync       XML Security Library       xrdb       Vino       OProfile       syslog-ng       sFlow Toolkit       GNOME Display Manager       libsoup       CA Certificates       Gitolite       QtCreator       Racer   Impact :

    A context-dependent attacker may be able to gain escalated privileges,       execute arbitrary code, cause Denial of Service, obtain sensitive       information, or otherwise bypass security restrictions.
  Workaround :

    There are no known workarounds at this time.

From Red Hat Security Advisory 2010:0567 :

An updated lvm2-cluster package that fixes one security issue is now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

The lvm2-cluster package contains support for Logical Volume Management (LVM) in a clustered environment.

It was discovered that the cluster logical volume manager daemon (clvmd) did not verify the credentials of clients connecting to its control UNIX abstract socket, allowing local, unprivileged users to send control commands that were intended to only be available to the privileged root user. This could allow a local, unprivileged user to cause clvmd to exit, or request clvmd to activate, deactivate, or reload any logical volume on the local system or another system in the cluster. (CVE-2010-2526)

Note: This update changes clvmd to use a pathname-based socket rather than an abstract socket. As such, the lvm2 update RHBA-2010:0569, which changes LVM to also use this pathname-based socket, must also be installed for LVM to be able to communicate with the updated clvmd.

All lvm2-cluster users should upgrade to this updated package, which contains a backported patch to correct this issue. After installing the updated package, clvmd must be restarted for the update to take effect.

An updated lvm2-cluster package that fixes one security issue is now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

The lvm2-cluster package contains support for Logical Volume Management (LVM) in a clustered environment.

It was discovered that the cluster logical volume manager daemon (clvmd) did not verify the credentials of clients connecting to its control UNIX abstract socket, allowing local, unprivileged users to send control commands that were intended to only be available to the privileged root user. This could allow a local, unprivileged user to cause clvmd to exit, or request clvmd to activate, deactivate, or reload any logical volume on the local system or another system in the cluster. (CVE-2010-2526)

Note: This update changes clvmd to use a pathname-based socket rather than an abstract socket. As such, the lvm2 update RHBA-2010:0569, which changes LVM to also use this pathname-based socket, must also be installed for LVM to be able to communicate with the updated clvmd.

All lvm2-cluster users should upgrade to this updated package, which contains a backported patch to correct this issue. After installing the updated package, clvmd must be restarted for the update to take effect.

It was discovered that the cluster logical volume manager daemon (clvmd) did not verify the credentials of clients connecting to its control UNIX abstract socket, allowing local, unprivileged users to send control commands that were intended to only be available to the privileged root user. This could allow a local, unprivileged user to cause clvmd to exit, or request clvmd to activate, deactivate, or reload any logical volume on the local system or another system in the cluster. (CVE-2010-2526)

Note: This update changes clvmd to use a pathname-based socket rather than an abstract socket. As such, the lvm2 update 2010:0569, which changes LVM to also use this pathname-based socket, must also be installed for LVM to be able to communicate with the updated clvmd.

All lvm2-cluster users should upgrade to this updated package, which contains a backported patch to correct this issue. After installing the updated package, clvmd must be restarted for the update to take effect.

5. Bugs fixed

CVE-2010-2526 lvm2-cluster: insecurity when communicating between lvm2 and clvmd

6. Package List :

clvmd, when running, allowed unprivileged local users to issue arbitrary lvm commands (CVE-2010-2526) via incorrect permissions. This has been fixed.

clvmd, when running, allowed unprivileged local users to issue arbitrary lvm commands (CVE-2010-2526) via incorrect permissions.

The cluster logical volume manager daemon (clvmd) in LVM2 did not correctly validate credentials. A local user could use this flaw to manipulate logical volumes without root privileges and cause a denial of service in the cluster.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update addresses a security problem when using the clustered LVM daemon clvmd from the package lvm2-cluster on systems where you have non-root users.

The lvm2 package on its own is not vulnerable to this problem but if you are using lvm2-cluster you must update both together.

Further details are given in the Red Hat Bugzilla:
https://bugzilla.redhat.com/CVE-2010-2526

After updating the packages, make sure that clvmd restarted itself.

This update also includes several other important bug fixes - see the detailed changelog.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

clvmd allowed unprivileged users to issue arbitrary lvm commands (CVE-2010-2526).

This update addresses a security problem when using the clustered LVM daemon clvmd from the package lvm2-cluster on systems where you have non-root users. The lvm2 package on its own is not vulnerable to this problem but if you are using lvm2-cluster you must update both together. Further details are given in the Red Hat Bugzilla:
https://bugzilla.redhat.com/CVE-2010-2526 After updating the packages, make sure that clvmd restarted itself. This update also includes several other important bug fixes and enhancements - see the detailed changelog.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

A vulnerability has been found and corrected in lvm2 :

The cluster logical volume manager daemon (clvmd) in lvm2-cluster in LVM2 before 2.02.72, as used in Red Hat Global File System (GFS) and other products, does not verify client credentials upon a socket connection, which allows local users to cause a denial of service (daemon exit or logical-volume change) or possibly have unspecified other impact via crafted control commands (CVE-2010-2526).

The updated packages have been patched to correct this issue.

This update fixes some minor problems as listed in the changelog. To improve performance, Logical Volumes will be aligned at 1MB boundaries by default now on any newly-created Physical Volumes that don't report a preferred alignment to the O/S. This update addresses a security problem when using the clustered LVM daemon clvmd from the package lvm2-cluster on systems where you have non-root users. The lvm2 package on its own is not vulnerable to this problem but if you are using lvm2-cluster you must update both together. Further details are given in the Red Hat Bugzilla:
https://bugzilla.redhat.com/CVE-2010-2526 After updating the packages, make sure that clvmd restarted itself. This update also includes several other important bug fixes - see the detailed changelog.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Alasdair Kergon discovered that the cluster logical volume manager daemon (clvmd) in LVM2, The Linux Logical Volume Manager, does not verify client credentials upon a socket connection, which allows local users to cause a denial of service.

ID	Name	Product	Family	Severity
79962	GLSA-201412-09 : Multiple packages, Multiple vulnerabilities fixed in 2011	Nessus	Gentoo Local Security Checks	critical
68073	Oracle Linux 5 : lvm2-cluster (ELSA-2010-0567)	Nessus	Oracle Linux Local Security Checks	medium
63941	RHEL 5 : lvm2-cluster (RHSA-2010:0567)	Nessus	Red Hat Local Security Checks	medium
60824	Scientific Linux Security Update : lvm2-cluster,lvm2 for SL5	Nessus	Scientific Linux Local Security Checks	medium
51625	SuSE 11.1 Security Update : LVM2 (SAT Patch Number 2982)	Nessus	SuSE Local Security Checks	medium
50948	SuSE 11 Security Update : lvm2, lvm2-clvm, lvm2-clvm-debuginfo, lvm2-clvm-debugsource, etc (SAT Patch Number 2849)	Nessus	SuSE Local Security Checks	medium
49791	Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : lvm2 vulnerability (USN-1001-1)	Nessus	Ubuntu Local Security Checks	medium
49677	Fedora 12 : lvm2-2.02.72-4.fc12 (2010-12250)	Nessus	Fedora Local Security Checks	medium
49256	openSUSE Security Update : lvm2 (openSUSE-SU-2010:0615-1)	Nessus	SuSE Local Security Checks	medium
49194	Fedora 13 : lvm2-2.02.73-2.fc13 / udisks-1.0.1-4.fc13 (2010-13708)	Nessus	Fedora Local Security Checks	medium
49117	Mandriva Linux Security Advisory : lvm2 (MDVSA-2010:171)	Nessus	Mandriva Local Security Checks	medium
49074	Fedora 14 : lvm2-2.02.73-1.fc14 (2010-13239)	Nessus	Fedora Local Security Checks	medium
48895	Debian DSA-2095-1 : lvm2 - insecure communication protocol	Nessus	Debian Local Security Checks	medium
47903	CentOS 5 : lvm2-cluster (CESA-2010:0567)	Nessus	CentOS Local Security Checks	medium

Detections

Analytics

CVE-2010-2526

high

Tenable Plugins

critical

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium