CVE-2010-2526

Published: 05/08/2010 Updated: 17/08/2017
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
VMScore: 409
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

The cluster logical volume manager daemon (clvmd) in lvm2-cluster in LVM2 prior to 2.02.72, as used in Red Hat Global File System (GFS) and other products, does not verify client credentials upon a socket connection, which allows local users to cause a denial of service (daemon exit or logical-volume change) or possibly have unspecified other impact via crafted control commands.

Vulnerable Product

heinz_mauelshagen lvm2 2.02.67

heinz_mauelshagen lvm2 2.02.66

heinz_mauelshagen lvm2 2.02.58

heinz_mauelshagen lvm2 2.02.57

heinz_mauelshagen lvm2 2.02.50

heinz_mauelshagen lvm2

heinz_mauelshagen lvm2 2.02.70

heinz_mauelshagen lvm2 2.02.62

heinz_mauelshagen lvm2 2.02.61

heinz_mauelshagen lvm2 2.02.54

heinz_mauelshagen lvm2 2.02.53

heinz_mauelshagen lvm2 2.02.69

heinz_mauelshagen lvm2 2.02.68

heinz_mauelshagen lvm2 2.02.60

heinz_mauelshagen lvm2 2.02.59

heinz_mauelshagen lvm2 2.02.52

heinz_mauelshagen lvm2 2.02.51

heinz_mauelshagen lvm2 2.02.65

heinz_mauelshagen lvm2 2.02.64

heinz_mauelshagen lvm2 2.02.63

heinz_mauelshagen lvm2 2.02.56

heinz_mauelshagen lvm2 2.02.55

Vendor Advisories

Debian Bug report logs - #591204 CVE-2010-2526: insecure communication between lvm2 and clvmd. Package: clvm; Maintainer for clvm is Debian LVM Team <pkg-lvm-maintainers@lists.alioth.debian.org>; Source for clvm is src:lvm2 (PTS, buildd, popcon). Reported by: Moritz Muehlenhoff <jmm@debian.org>. Date: Sun, 1 Aug 2010 0 ...
The cluster logical volume manager daemon (clvmd) in LVM2 did not correctly validate credentials. A local user could use this flaw to manipulate logical volumes without root privileges and cause a denial of service in the cluster ...
Synopsis: Moderate: lvm2-cluster security update. Type/Severity: Security Advisory: Moderate. Topic: An updated lvm2-cluster package that fixes one security issue is now available for Red Hat Global File System for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moder ...
Synopsis: Moderate: lvm2-cluster security update. Type/Severity: Security Advisory: Moderate. Topic: An updated lvm2-cluster package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vu ...
Alasdair Kergon discovered that the cluster logical volume manager daemon (clvmd) in LVM2, The Linux Logical Volume Manager, does not verify client credentials upon a socket connection, which allows local users to cause a denial of service. For the stable distribution (lenny), this problem has been fixed in version 2.02.39-8. For the testing distri ...