
CVE-2010-2526
Date: (C)2010-08-05   (M)2023-12-22


The cluster logical volume manager daemon (clvmd) in lvm2-cluster in LVM2 before 2.02.72, as used in Red Hat Global File System (GFS) and other products, does not verify client credentials upon a socket connection, which allows local users to cause a denial of service (daemon exit or logical-volume change) or possibly have unspecified other impact via crafted control commands.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 4.6
Exploit Score: 3.9
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1024258
SECUNIA-40759
OSVDB-66753
ADV-2010-1944
RHSA-2010:0567
RHSA-2010:0568
SUSE-SR:2010:017
USN-1001-1
https://www.redhat.com/archives/linux-lvm/2010-July/msg00083.html
https://bugzilla.redhat.com/show_bug.cgi?id=614248
lvm2-socket-privilege-escalation(60809)

CPE    27
cpe:/a:heinz_mauelshagen:lvm2:2.02.61
cpe:/a:heinz_mauelshagen:lvm2:2.02.60
cpe:/a:heinz_mauelshagen:lvm2:2.02.63
cpe:/a:heinz_mauelshagen:lvm2:2.02.62
...
CWE    1
CWE-287
OVAL    9
oval:org.secpod.oval:def:700169
oval:org.secpod.oval:def:300087
oval:org.secpod.oval:def:100905
oval:org.secpod.oval:def:100913
...

© SecPod Technologies