ID: CESA-2010:0567
Type: centos
Reporter: CentOS Project
Modified: 2010-07-29T09:37:04
Description
CentOS Errata and Security Advisory CESA-2010:0567

The lvm2-cluster package contains support for Logical Volume Management
(LVM) in a clustered environment.

It was discovered that the cluster logical volume manager daemon (clvmd)
did not verify the credentials of clients connecting to its control UNIX
abstract socket, allowing local, unprivileged users to send control
commands that were intended to only be available to the privileged root
user. This could allow a local, unprivileged user to cause clvmd to exit,
or request clvmd to activate, deactivate, or reload any logical volume on
the local system or another system in the cluster. (CVE-2010-2526)

Note: This update changes clvmd to use a pathname-based socket rather than
an abstract socket. As such, the lvm2 update RHBA-2010:0569, which changes
LVM to also use this pathname-based socket, must also be installed for LVM
to be able to communicate with the updated clvmd.

All lvm2-cluster users should upgrade to this updated package, which
contains a backported patch to correct this issue. After installing the
updated package, clvmd must be restarted for the update to take effect.

Merged security bulletin from advisories:
http://lists.centos.org/pipermail/centos-announce/2010-July/016844.html
http://lists.centos.org/pipermail/centos-announce/2010-July/016845.html

Affected packages:
lvm2-cluster on CentOS 5, versions earlier than 2.02.56-7.el5_5.4 (i386, x86_64, src)

Updated package files:
lvm2-cluster-2.02.56-7.el5_5.4.i386.rpm
lvm2-cluster-2.02.56-7.el5_5.4.x86_64.rpm
lvm2-cluster-2.02.56-7.el5_5.4.src.rpm

Upstream details at:
https://rhn.redhat.com/errata/RHSA-2010-0567.html

Title: lvm2 security update
Published: 2010-07-29T09:37:04
CVE: CVE-2010-2526
CVSS: 4.6 (AV:L/AC:L/Au:N/C:P/I:P/A:P)
missing an update to lvm2\nannounced via advisory DSA 2095-1.", "modified": "2017-07-07T00:00:00", "published": "2010-10-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=67982", "id": "OPENVAS:67982", "title": "Debian Security Advisory DSA 2095-1 (lvm2)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2095_1.nasl 6614 2017-07-07 12:09:12Z cfischer $\n# Description: Auto-generated from advisory DSA 2095-1 (lvm2)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Alasdair Kergon discovered that the cluster logical volume manager daemon\n(clvmd) in lvm2, The Linux Logical Volume Manager, does not verify client\ncredentials upon a socket connection, which allows local users to cause a\ndenial of service.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 2.02.39-8\n\nFor the testing distribution (squeeze), and the unstable distribution (sid),\nthis problem has been fixed in version 2.02.66-3\n\n\nWe recommend that you upgrade your lvm2 package.\";\ntag_summary = \"The remote host is missing an update to lvm2\nannounced via advisory DSA 2095-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202095-1\";\n\n\nif(description)\n{\n script_id(67982);\n script_version(\"$Revision: 6614 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:09:12 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-10-10 19:35:00 +0200 (Sun, 10 Oct 2010)\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2010-2526\");\n script_name(\"Debian Security Advisory DSA 2095-1 (lvm2)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"clvm\", ver:\"2.02.39-8\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lvm2\", ver:\"2.02.39-8\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-12T11:11:18", "bulletinFamily": "scanner", "description": "Check for the Version of lvm2", "modified": "2017-12-08T00:00:00", "published": "2010-09-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=831147", "id": "OPENVAS:831147", "title": "Mandriva Update for lvm2 MDVSA-2010:171 (lvm2)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for lvm2 MDVSA-2010:171 (lvm2)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; 
without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability has been found and corrected in lvm2:\n\n The cluster logical volume manager daemon (clvmd) in lvm2-cluster\n in LVM2 before 2.02.72, as used in Red Hat Global File System (GFS)\n and other products, does not verify client credentials upon a socket\n connection, which allows local users to cause a denial of service\n (daemon exit or logical-volume change) or possibly have unspecified\n other impact via crafted control commands (CVE-2010-2526).\n\n The updated packages have been patched to correct this issue.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"lvm2 on Mandriva Linux 2009.1,\n Mandriva Linux 2009.1/X86_64,\n Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-09/msg00004.php\");\n script_id(831147);\n script_version(\"$Revision: 8037 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-08 07:32:03 +0100 (Fri, 08 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-09-07 15:09:12 +0200 (Tue, 07 Sep 2010)\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDVSA\", value: \"2010:171\");\n script_cve_id(\"CVE-2010-2526\");\n script_name(\"Mandriva Update for lvm2 MDVSA-2010:171 (lvm2)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of lvm2\");\n 
script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"clvmd\", rpm:\"clvmd~2.02.53~9.2mnb2\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dmsetup\", rpm:\"dmsetup~1.02.38~9.2mnb2\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libdevmapper1.02\", rpm:\"libdevmapper1.02~1.02.38~9.2mnb2\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libdevmapper-devel\", rpm:\"libdevmapper-devel~1.02.38~9.2mnb2\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libdevmapper-event1.02\", rpm:\"libdevmapper-event1.02~1.02.38~9.2mnb2\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libdevmapper-event-devel\", rpm:\"libdevmapper-event-devel~1.02.38~9.2mnb2\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"liblvm2cmd2.02\", rpm:\"liblvm2cmd2.02~2.02.53~9.2mnb2\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"liblvm2cmd-devel\", rpm:\"liblvm2cmd-devel~2.02.53~9.2mnb2\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lvm2\", rpm:\"lvm2~2.02.53~9.2mnb2\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64devmapper1.02\", rpm:\"lib64devmapper1.02~1.02.38~9.2mnb2\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64devmapper-devel\", rpm:\"lib64devmapper-devel~1.02.38~9.2mnb2\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64devmapper-event1.02\", rpm:\"lib64devmapper-event1.02~1.02.38~9.2mnb2\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64devmapper-event-devel\", rpm:\"lib64devmapper-event-devel~1.02.38~9.2mnb2\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64lvm2cmd2.02\", rpm:\"lib64lvm2cmd2.02~2.02.53~9.2mnb2\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64lvm2cmd-devel\", rpm:\"lib64lvm2cmd-devel~2.02.53~9.2mnb2\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"clvmd\", rpm:\"clvmd~2.02.33~8.1mnb2\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lvm2\", rpm:\"lvm2~2.02.33~8.1mnb2\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-17T11:05:29", 
"bulletinFamily": "scanner", "description": "Check for the Version of lvm2", "modified": "2018-01-16T00:00:00", "published": "2010-09-14T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862402", "id": "OPENVAS:1361412562310862402", "type": "openvas", "title": "Fedora Update for lvm2 FEDORA-2010-13708", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for lvm2 FEDORA-2010-13708\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"lvm2 on Fedora 13\";\ntag_insight = \"LVM2 includes all of the support for handling read/write operations on\n physical volumes (hard disks, RAID-Systems, magneto optical, etc.,\n multiple devices (MD), see mdadd(8) or even loop devices, see\n losetup(8)), creating volume groups (kind of virtual disks) from one\n or more physical volumes and creating one or more logical volumes\n (kind of logical partitions) in volume groups.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047499.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862402\");\n script_version(\"$Revision: 8438 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-16 18:38:23 +0100 (Tue, 16 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-09-14 15:35:55 +0200 (Tue, 14 Sep 2010)\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-13708\");\n script_cve_id(\"CVE-2010-2526\");\n script_name(\"Fedora Update for lvm2 FEDORA-2010-13708\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of lvm2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : 
\"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"lvm2\", rpm:\"lvm2~2.02.73~2.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-11T11:04:09", "bulletinFamily": "scanner", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1001-1", "modified": "2018-01-09T00:00:00", "published": "2010-10-19T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840513", "id": "OPENVAS:1361412562310840513", "title": "Ubuntu Update for lvm2 vulnerability USN-1001-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1001_1.nasl 8338 2018-01-09 08:00:38Z teissa $\n#\n# Ubuntu Update for lvm2 vulnerability USN-1001-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The cluster logical volume manager daemon (clvmd) in LVM2 did not correctly\n validate credentials. A local user could use this flaw to manipulate\n logical volumes without root privileges and cause a denial of service in\n the cluster.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1001-1\";\ntag_affected = \"lvm2 vulnerability on Ubuntu 6.06 LTS ,\n Ubuntu 8.04 LTS ,\n Ubuntu 9.04 ,\n Ubuntu 9.10 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1001-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840513\");\n script_version(\"$Revision: 8338 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-09 09:00:38 +0100 (Tue, 09 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-10-19 15:54:15 +0200 (Tue, 19 Oct 2010)\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"USN\", value: \"1001-1\");\n script_cve_id(\"CVE-2010-2526\");\n script_name(\"Ubuntu Update for lvm2 vulnerability USN-1001-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n 
script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"clvm\", ver:\"2.02.39-0ubuntu11.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"lvm2\", ver:\"2.02.39-0ubuntu11.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"lvm2-udeb\", ver:\"2.02.39-0ubuntu11.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"clvm\", ver:\"2.02.02-1ubuntu1.6\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"lvm2\", ver:\"2.02.02-1ubuntu1.6\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"lvm2-udeb\", ver:\"2.02.02-1ubuntu1.6\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"clvm\", ver:\"2.02.54-1ubuntu4.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"dmsetup\", ver:\"1.02.39-1ubuntu4.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libdevmapper-dev\", ver:\"1.02.39-1ubuntu4.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n 
}\n\n if ((res = isdpkgvuln(pkg:\"libdevmapper-event1.02.1\", ver:\"1.02.39-1ubuntu4.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libdevmapper1.02.1\", ver:\"1.02.39-1ubuntu4.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"lvm2\", ver:\"2.02.54-1ubuntu4.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"dmeventd\", ver:\"1.02.39-1ubuntu4.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"dmsetup-udeb\", ver:\"1.02.39-1ubuntu4.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libdevmapper1.02.1-udeb\", ver:\"1.02.39-1ubuntu4.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"lvm2-udeb\", ver:\"2.02.54-1ubuntu4.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU9.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"clvm\", ver:\"2.02.39-0ubuntu9.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"lvm2\", ver:\"2.02.39-0ubuntu9.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"lvm2-udeb\", ver:\"2.02.39-0ubuntu9.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"clvm\", ver:\"2.02.26-1ubuntu9.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"lvm2\", 
ver:\"2.02.26-1ubuntu9.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"lvm2-udeb\", ver:\"2.02.26-1ubuntu9.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:36:11", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2010-0567", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310122338", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122338", "title": "Oracle Linux Local Check: ELSA-2010-0567", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2010-0567.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122338\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:17:04 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2010-0567\");\n script_tag(name:\"insight\", value:\"ELSA-2010-0567 - lvm2-cluster security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2010-0567\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2010-0567.html\");\n script_cve_id(\"CVE-2010-2526\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"lvm2-cluster\", 
rpm:\"lvm2-cluster~2.02.56~7.el5_5.4\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-12-18T10:58:18", "bulletinFamily": "scanner", "description": "Check for the Version of udisks", "modified": "2017-12-18T00:00:00", "published": "2010-09-14T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=862403", "id": "OPENVAS:862403", "title": "Fedora Update for udisks FEDORA-2010-13708", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for udisks FEDORA-2010-13708\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"udisks on Fedora 13\";\ntag_insight = \"udisks provides a daemon, D-Bus API and command line tools\n for managing disks and storage devices.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047498.html\");\n script_id(862403);\n script_version(\"$Revision: 8153 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-18 07:30:39 +0100 (Mon, 18 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-09-14 15:35:55 +0200 (Tue, 14 Sep 2010)\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-13708\");\n script_cve_id(\"CVE-2010-2526\");\n script_name(\"Fedora Update for udisks FEDORA-2010-13708\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of udisks\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n 
exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"udisks\", rpm:\"udisks~1.0.1~4.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-06T13:05:17", "bulletinFamily": "scanner", "description": "The remote host is missing an update to lvm2\nannounced via advisory DSA 2095-1.", "modified": "2018-01-04T00:00:00", "published": "2010-10-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231067982", "id": "OPENVAS:136141256231067982", "type": "openvas", "title": "Debian Security Advisory DSA 2095-1 (lvm2)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2095_1.nasl 8287 2018-01-04 07:28:11Z teissa $\n# Description: Auto-generated from advisory DSA 2095-1 (lvm2)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Alasdair Kergon discovered that the cluster logical volume manager daemon\n(clvmd) in lvm2, The Linux Logical Volume Manager, does not verify client\ncredentials upon a socket connection, which allows local users to cause a\ndenial of service.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 2.02.39-8\n\nFor the testing distribution (squeeze), and the unstable distribution (sid),\nthis problem has been fixed in version 2.02.66-3\n\n\nWe recommend that you upgrade your lvm2 package.\";\ntag_summary = \"The remote host is missing an update to lvm2\nannounced via advisory DSA 2095-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202095-1\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.67982\");\n script_version(\"$Revision: 8287 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-04 08:28:11 +0100 (Thu, 04 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-10-10 19:35:00 +0200 (Sun, 10 Oct 2010)\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2010-2526\");\n script_name(\"Debian Security Advisory DSA 2095-1 (lvm2)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"clvm\", ver:\"2.02.39-8\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lvm2\", ver:\"2.02.39-8\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-25T10:54:46", "bulletinFamily": "scanner", "description": "Check for the Version of lvm2", "modified": "2018-01-24T00:00:00", "published": "2010-12-02T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862688", "id": "OPENVAS:1361412562310862688", "type": "openvas", "title": "Fedora Update for lvm2 FEDORA-2010-13239", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for lvm2 FEDORA-2010-13239\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT 
ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"lvm2 on Fedora 14\";\ntag_insight = \"LVM2 includes all of the support for handling read/write operations on\n physical volumes (hard disks, RAID-Systems, magneto optical, etc.,\n multiple devices (MD), see mdadd(8) or even loop devices, see\n losetup(8)), creating volume groups (kind of virtual disks) from one\n or more physical volumes and creating one or more logical volumes\n (kind of logical partitions) in volume groups.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-September/046866.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862688\");\n script_version(\"$Revision: 8510 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-24 08:57:42 +0100 (Wed, 24 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-12-02 08:39:14 +0100 (Thu, 02 Dec 2010)\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-13239\");\n script_cve_id(\"CVE-2010-2526\");\n script_name(\"Fedora Update for lvm2 FEDORA-2010-13239\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of lvm2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"lvm2\", rpm:\"lvm2~2.02.73~1.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-12-13T06:41:04", "bulletinFamily": "scanner", "description": "An updated lvm2-cluster package that fixes one security issue is now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe lvm2-cluster package contains support for Logical Volume\nManagement (LVM) in a clustered environment.\n\nIt was discovered that the cluster logical volume manager daemon\n(clvmd) did not verify the credentials of clients connecting to its\ncontrol UNIX abstract socket, allowing local, unprivileged users to\nsend control commands that were intended to only be available to the\nprivileged root user. This could allow a local, unprivileged user to\ncause clvmd to exit, or request clvmd to activate, deactivate, or\nreload any logical volume on the local system or another system in the\ncluster. 
(CVE-2010-2526)\n\nNote: This update changes clvmd to use a pathname-based socket rather\nthan an abstract socket. As such, the lvm2 update RHBA-2010:0569,\nwhich changes LVM to also use this pathname-based socket, must also be\ninstalled for LVM to be able to communicate with the updated clvmd.\n\nAll lvm2-cluster users should upgrade to this updated package, which\ncontains a backported patch to correct this issue. After installing\nthe updated package, clvmd must be restarted for the update to take\neffect.", "modified": "2019-12-02T00:00:00", "id": "CENTOS_RHSA-2010-0567.NASL", "href": "https://www.tenable.com/plugins/nessus/47903", "published": "2010-07-30T00:00:00", "title": "CentOS 5 : lvm2-cluster (CESA-2010:0567)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0567 and \n# CentOS Errata and Security Advisory 2010:0567 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(47903);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/10/25 13:36:05\");\n\n script_cve_id(\"CVE-2010-2526\");\n script_xref(name:\"RHSA\", value:\"2010:0567\");\n\n script_name(english:\"CentOS 5 : lvm2-cluster (CESA-2010:0567)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated lvm2-cluster package that fixes one security issue is now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. 
A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe lvm2-cluster package contains support for Logical Volume\nManagement (LVM) in a clustered environment.\n\nIt was discovered that the cluster logical volume manager daemon\n(clvmd) did not verify the credentials of clients connecting to its\ncontrol UNIX abstract socket, allowing local, unprivileged users to\nsend control commands that were intended to only be available to the\nprivileged root user. This could allow a local, unprivileged user to\ncause clvmd to exit, or request clvmd to activate, deactivate, or\nreload any logical volume on the local system or another system in the\ncluster. (CVE-2010-2526)\n\nNote: This update changes clvmd to use a pathname-based socket rather\nthan an abstract socket. As such, the lvm2 update RHBA-2010:0569,\nwhich changes LVM to also use this pathname-based socket, must also be\ninstalled for LVM to be able to communicate with the updated clvmd.\n\nAll lvm2-cluster users should upgrade to this updated package, which\ncontains a backported patch to correct this issue. 
After installing\nthe updated package, clvmd must be restarted for the update to take\neffect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-July/016844.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?18b4f653\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-July/016845.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?33dc4eb5\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected lvm2-cluster package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:lvm2-cluster\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/08/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? 
release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"lvm2-cluster-2.02.56-7.el5_5.4\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lvm2-cluster\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-13T08:05:43", "bulletinFamily": "scanner", "description": "A vulnerability has been found and corrected in lvm2 :\n\nThe cluster logical volume manager daemon (clvmd) in lvm2-cluster in\nLVM2 before 2.02.72, as used in Red Hat Global File System (GFS) and\nother products, does not verify client credentials upon a socket\nconnection, which allows local users to cause a denial of service\n(daemon exit or logical-volume change) or possibly have unspecified\nother impact via crafted control commands (CVE-2010-2526).\n\nThe updated packages have been patched to correct this issue.", "modified": "2019-12-02T00:00:00", "id": "MANDRIVA_MDVSA-2010-171.NASL", "href": "https://www.tenable.com/plugins/nessus/49117", "published": "2010-09-07T00:00:00", "title": "Mandriva Linux Security Advisory : lvm2 (MDVSA-2010:171)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from 
Mandriva Linux Security Advisory MDVSA-2010:171. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(49117);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/08/02 13:32:53\");\n\n script_cve_id(\"CVE-2010-2526\");\n script_bugtraq_id(42033);\n script_xref(name:\"MDVSA\", value:\"2010:171\");\n\n script_name(english:\"Mandriva Linux Security Advisory : lvm2 (MDVSA-2010:171)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability has been found and corrected in lvm2 :\n\nThe cluster logical volume manager daemon (clvmd) in lvm2-cluster in\nLVM2 before 2.02.72, as used in Red Hat Global File System (GFS) and\nother products, does not verify client credentials upon a socket\nconnection, which allows local users to cause a denial of service\n(daemon exit or logical-volume change) or possibly have unspecified\nother impact via crafted control commands (CVE-2010-2526).\n\nThe updated packages have been patched to correct this issue.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:clvmd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:cmirror\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:dmsetup\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64devmapper-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64devmapper-event-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64devmapper-event1.02\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64devmapper1.02\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64lvm2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64lvm2app2.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64lvm2cmd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64lvm2cmd2.02\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libdevmapper-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libdevmapper-event-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libdevmapper-event1.02\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libdevmapper1.02\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:liblvm2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:liblvm2app2.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:liblvm2cmd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:liblvm2cmd2.02\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lvm2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/09/06\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/09/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2009.1\", reference:\"clvmd-2.02.33-8.1mnb2\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"lvm2-2.02.33-8.1mnb2\")) flag++;\n\nif (rpm_check(release:\"MDK2010.0\", reference:\"clvmd-2.02.53-9.2mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"dmsetup-1.02.38-9.2mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64devmapper-devel-1.02.38-9.2mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64devmapper-event-devel-1.02.38-9.2mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64devmapper-event1.02-1.02.38-9.2mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64devmapper1.02-1.02.38-9.2mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", 
reference:\"lib64lvm2cmd-devel-2.02.53-9.2mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64lvm2cmd2.02-2.02.53-9.2mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libdevmapper-devel-1.02.38-9.2mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libdevmapper-event-devel-1.02.38-9.2mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libdevmapper-event1.02-1.02.38-9.2mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libdevmapper1.02-1.02.38-9.2mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"liblvm2cmd-devel-2.02.53-9.2mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"liblvm2cmd2.02-2.02.53-9.2mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"lvm2-2.02.53-9.2mnb2\")) flag++;\n\nif (rpm_check(release:\"MDK2010.1\", reference:\"clvmd-2.02.61-5.1mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"cmirror-2.02.61-5.1mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"dmsetup-1.02.44-5.1mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64devmapper-devel-1.02.44-5.1mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64devmapper-event-devel-1.02.44-5.1mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64devmapper-event1.02-1.02.44-5.1mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64devmapper1.02-1.02.44-5.1mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64lvm2-devel-2.02.61-5.1mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64lvm2app2.1-2.02.61-5.1mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64lvm2cmd-devel-2.02.61-5.1mnb2\")) flag++;\nif 
(rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64lvm2cmd2.02-2.02.61-5.1mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libdevmapper-devel-1.02.44-5.1mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libdevmapper-event-devel-1.02.44-5.1mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libdevmapper-event1.02-1.02.44-5.1mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libdevmapper1.02-1.02.44-5.1mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"liblvm2-devel-2.02.61-5.1mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"liblvm2app2.1-2.02.61-5.1mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"liblvm2cmd-devel-2.02.61-5.1mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"liblvm2cmd2.02-2.02.61-5.1mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"lvm2-2.02.61-5.1mnb2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-13T09:20:50", "bulletinFamily": "scanner", "description": "clvmd allowed unprivileged users to issue arbitrary lvm commands\n(CVE-2010-2526).", "modified": "2019-12-02T00:00:00", "id": "SUSE_11_1_LVM2-100812.NASL", "href": "https://www.tenable.com/plugins/nessus/49256", "published": "2010-09-16T00:00:00", "title": "openSUSE Security Update : lvm2 (openSUSE-SU-2010:0615-1)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update lvm2-2920.\n#\n# The text description of this plugin is (C) SUSE 
LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(49256);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/10/25 13:36:38\");\n\n script_cve_id(\"CVE-2010-2526\");\n\n script_name(english:\"openSUSE Security Update : lvm2 (openSUSE-SU-2010:0615-1)\");\n script_summary(english:\"Check for the lvm2-2920 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"clvmd allowed unprivileged users to issue arbitrary lvm commands\n(CVE-2010-2526).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=622537\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-09/msg00021.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected lvm2 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lvm2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lvm2-clvm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/09/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"lvm2-2.02.39-8.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"lvm2-clvm-2.02.39-8.14.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lvm2-clvm\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-13T09:21:36", "bulletinFamily": "scanner", "description": "clvmd, when running, allowed unprivileged local users to issue\narbitrary lvm commands (CVE-2010-2526) via incorrect permissions. 
This\nhas been fixed.", "modified": "2019-12-02T00:00:00", "id": "SUSE_11_LVM2-CLVM2-100820.NASL", "href": "https://www.tenable.com/plugins/nessus/51625", "published": "2011-01-21T00:00:00", "title": "SuSE 11.1 Security Update : LVM2 (SAT Patch Number 2982)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(51625);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/10/25 13:36:39\");\n\n script_cve_id(\"CVE-2010-2526\");\n\n script_name(english:\"SuSE 11.1 Security Update : LVM2 (SAT Patch Number 2982)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"clvmd, when running, allowed unprivileged local users to issue\narbitrary lvm commands (CVE-2010-2526) via incorrect permissions. 
This\nhas been fixed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=622537\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2526.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 2982.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:lvm2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/01/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif 
(rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"lvm2-2.02.39-18.31.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"lvm2-2.02.39-18.31.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"lvm2-2.02.39-18.31.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-13T09:44:24", "bulletinFamily": "scanner", "description": "The cluster logical volume manager daemon (clvmd) in LVM2 did not\ncorrectly validate credentials. A local user could use this flaw to\nmanipulate logical volumes without root privileges and cause a denial\nof service in the cluster.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-12-02T00:00:00", "id": "UBUNTU_USN-1001-1.NASL", "href": "https://www.tenable.com/plugins/nessus/49791", "published": "2010-10-07T00:00:00", "title": "Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : lvm2 vulnerability (USN-1001-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1001-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(49791);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/09/19 12:54:26\");\n\n script_cve_id(\"CVE-2010-2526\");\n script_bugtraq_id(42033);\n script_xref(name:\"USN\", value:\"1001-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : lvm2 vulnerability (USN-1001-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The cluster logical volume manager daemon (clvmd) in LVM2 did not\ncorrectly validate credentials. A local user could use this flaw to\nmanipulate logical volumes without root privileges and cause a denial\nof service in the cluster.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1001-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:clvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:dmeventd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:dmsetup\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libdevmapper-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libdevmapper-event1.02.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libdevmapper1.02.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:lvm2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/08/05\");\n script_set_attribute(attribute:\"patch_publication_date\", 
value:\"2010/10/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(6\\.06|8\\.04|9\\.04|9\\.10|10\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 8.04 / 9.04 / 9.10 / 10.04\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"clvm\", pkgver:\"2.02.02-1ubuntu1.6\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"lvm2\", pkgver:\"2.02.02-1ubuntu1.6\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"clvm\", pkgver:\"2.02.26-1ubuntu9.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"lvm2\", pkgver:\"2.02.26-1ubuntu9.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"clvm\", pkgver:\"2.02.39-0ubuntu9.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"lvm2\", pkgver:\"2.02.39-0ubuntu9.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"clvm\", pkgver:\"2.02.39-0ubuntu11.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"lvm2\", pkgver:\"2.02.39-0ubuntu11.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"clvm\", pkgver:\"2.02.54-1ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"dmeventd\", pkgver:\"1.02.39-1ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"dmsetup\", pkgver:\"1.02.39-1ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libdevmapper-dev\", pkgver:\"1.02.39-1ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libdevmapper-event1.02.1\", pkgver:\"1.02.39-1ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libdevmapper1.02.1\", pkgver:\"1.02.39-1ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"lvm2\", pkgver:\"2.02.54-1ubuntu4.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 
\"clvm / dmeventd / dmsetup / libdevmapper-dev / etc\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-13T08:53:04", "bulletinFamily": "scanner", "description": "An updated lvm2-cluster package that fixes one security issue is now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe lvm2-cluster package contains support for Logical Volume\nManagement (LVM) in a clustered environment.\n\nIt was discovered that the cluster logical volume manager daemon\n(clvmd) did not verify the credentials of clients connecting to its\ncontrol UNIX abstract socket, allowing local, unprivileged users to\nsend control commands that were intended to only be available to the\nprivileged root user. This could allow a local, unprivileged user to\ncause clvmd to exit, or request clvmd to activate, deactivate, or\nreload any logical volume on the local system or another system in the\ncluster. (CVE-2010-2526)\n\nNote: This update changes clvmd to use a pathname-based socket rather\nthan an abstract socket. As such, the lvm2 update RHBA-2010:0569,\nwhich changes LVM to also use this pathname-based socket, must also be\ninstalled for LVM to be able to communicate with the updated clvmd.\n\nAll lvm2-cluster users should upgrade to this updated package, which\ncontains a backported patch to correct this issue. 
After installing\nthe updated package, clvmd must be restarted for the update to take\neffect.", "modified": "2019-12-02T00:00:00", "id": "REDHAT-RHSA-2010-0567.NASL", "href": "https://www.tenable.com/plugins/nessus/63941", "published": "2013-01-24T00:00:00", "title": "RHEL 5 : lvm2-cluster (RHSA-2010:0567)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0567. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(63941);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/10/25 13:36:15\");\n\n script_cve_id(\"CVE-2010-2526\");\n script_xref(name:\"RHSA\", value:\"2010:0567\");\n\n script_name(english:\"RHEL 5 : lvm2-cluster (RHSA-2010:0567)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated lvm2-cluster package that fixes one security issue is now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe lvm2-cluster package contains support for Logical Volume\nManagement (LVM) in a clustered environment.\n\nIt was discovered that the cluster logical volume manager daemon\n(clvmd) did not verify the credentials of clients connecting to its\ncontrol UNIX abstract socket, allowing local, unprivileged users to\nsend control commands that were intended to only be available to the\nprivileged root user. 
This could allow a local, unprivileged user to\ncause clvmd to exit, or request clvmd to activate, deactivate, or\nreload any logical volume on the local system or another system in the\ncluster. (CVE-2010-2526)\n\nNote: This update changes clvmd to use a pathname-based socket rather\nthan an abstract socket. As such, the lvm2 update RHBA-2010:0569,\nwhich changes LVM to also use this pathname-based socket, must also be\ninstalled for LVM to be able to communicate with the updated clvmd.\n\nAll lvm2-cluster users should upgrade to this updated package, which\ncontains a backported patch to correct this issue. After installing\nthe updated package, clvmd must be restarted for the update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-2526.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2010-0567.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected lvm2-cluster package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:lvm2-cluster\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n 
exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"lvm2-cluster-2.02.56-7.el5_5.4\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"lvm2-cluster-2.02.56-7.el5_5.4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-13T07:03:18", "bulletinFamily": "scanner", "description": "This update addresses a security problem when using the clustered LVM\ndaemon clvmd from the package lvm2-cluster on systems where you have\nnon-root users.\n\nThe lvm2 package on its own is not vulnerable to this problem but if\nyou are using lvm2-cluster you must update both together.\n\nFurther details are given in the Red Hat Bugzilla:\nhttps://bugzilla.redhat.com/CVE-2010-2526\n\nAfter updating the packages, make sure that clvmd restarted itself.\n\nThis update also includes several other important bug fixes - see the\ndetailed changelog.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-12-02T00:00:00", "id": "FEDORA_2010-12250.NASL", "href": "https://www.tenable.com/plugins/nessus/49677", "published": "2010-09-27T00:00:00", "title": "Fedora 12 : lvm2-2.02.72-4.fc12 (2010-12250)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-12250.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(49677);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/08/02 13:32:31\");\n\n script_cve_id(\"CVE-2010-2526\");\n script_bugtraq_id(42033);\n script_xref(name:\"FEDORA\", value:\"2010-12250\");\n\n script_name(english:\"Fedora 12 : lvm2-2.02.72-4.fc12 (2010-12250)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update addresses a security problem when using the clustered LVM\ndaemon clvmd from the package lvm2-cluster on systems where you have\nnon-root users.\n\nThe lvm2 package on its own is not vulnerable to this problem but if\nyou are using lvm2-cluster you must update both together.\n\nFurther details are given in the Red Hat Bugzilla:\nhttps://bugzilla.redhat.com/CVE-2010-2526\n\nAfter updating the packages, make sure that clvmd restarted itself.\n\nThis update also includes several other important bug fixes - see the\ndetailed changelog.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://bugzilla.redhat.com/CVE-2010-2526\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2526\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=614248\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-September/048417.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2552094e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected lvm2 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:lvm2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/09/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^12([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 12.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC12\", reference:\"lvm2-2.02.72-4.fc12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lvm2\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-13T07:03:19", "bulletinFamily": "scanner", "description": "This update addresses a security problem when using the clustered LVM\ndaemon clvmd from the package lvm2-cluster on systems where you have\nnon-root users. The lvm2 package on its own is not vulnerable to this\nproblem but if you are using lvm2-cluster you must update both\ntogether. 
Further details are given in the Red Hat Bugzilla:\nhttps://bugzilla.redhat.com/CVE-2010-2526 After updating the packages,\nmake sure that clvmd restarted itself. This update also includes\nseveral other important bug fixes and enhancements - see the detailed\nchangelog.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-12-02T00:00:00", "id": "FEDORA_2010-13708.NASL", "href": "https://www.tenable.com/plugins/nessus/49194", "published": "2010-09-12T00:00:00", "title": "Fedora 13 : lvm2-2.02.73-2.fc13 / udisks-1.0.1-4.fc13 (2010-13708)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-13708.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(49194);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/08/02 13:32:31\");\n\n script_cve_id(\"CVE-2010-2526\");\n script_bugtraq_id(42033);\n script_xref(name:\"FEDORA\", value:\"2010-13708\");\n\n script_name(english:\"Fedora 13 : lvm2-2.02.73-2.fc13 / udisks-1.0.1-4.fc13 (2010-13708)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update addresses a security problem when using the clustered LVM\ndaemon clvmd from the package lvm2-cluster on systems where you have\nnon-root users. The lvm2 package on its own is not vulnerable to this\nproblem but if you are using lvm2-cluster you must update both\ntogether. 
Further details are given in the Red Hat Bugzilla:\nhttps://bugzilla.redhat.com/CVE-2010-2526 After updating the packages,\nmake sure that clvmd restarted itself. This update also includes\nseveral other important bug fixes and enhancements - see the detailed\nchangelog.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://bugzilla.redhat.com/CVE-2010-2526\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2526\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=614248\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-September/047498.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d79a90e2\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-September/047499.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8ae48cbf\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected lvm2 and / or udisks packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:lvm2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:udisks\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:13\");\n\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/09/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^13([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 13.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC13\", reference:\"lvm2-2.02.73-2.fc13\")) flag++;\nif (rpm_check(release:\"FC13\", reference:\"udisks-1.0.1-4.fc13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lvm2 / udisks\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-13T09:13:05", "bulletinFamily": "scanner", "description": "It was discovered that the cluster logical volume manager daemon\n(clvmd) did not verify the credentials of clients connecting to its\ncontrol UNIX abstract socket, allowing local, unprivileged users to\nsend control commands that were intended to only be available to the\nprivileged root user. This could allow a local, unprivileged user to\ncause clvmd to exit, or request clvmd to activate, deactivate, or\nreload any logical volume on the local system or another system in the\ncluster. (CVE-2010-2526)\n\nNote: This update changes clvmd to use a pathname-based socket rather\nthan an abstract socket. As such, the lvm2 update 2010:0569, which\nchanges LVM to also use this pathname-based socket, must also be\ninstalled for LVM to be able to communicate with the updated clvmd.\n\nAll lvm2-cluster users should upgrade to this updated package, which\ncontains a backported patch to correct this issue. 
After installing\nthe updated package, clvmd must be restarted for the update to take\neffect.\n\n5. Bugs fixed\n\nCVE-2010-2526 lvm2-cluster: insecurity when communicating between lvm2\nand clvmd\n\n6. Package List :", "modified": "2019-12-02T00:00:00", "id": "SL_20100728_LVM2_CLUSTER_LVM2_FOR_SL5.NASL", "href": "https://www.tenable.com/plugins/nessus/60824", "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : lvm2-cluster,lvm2 for SL5", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60824);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/10/25 13:36:19\");\n\n script_cve_id(\"CVE-2010-2526\");\n\n script_name(english:\"Scientific Linux Security Update : lvm2-cluster,lvm2 for SL5\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the cluster logical volume manager daemon\n(clvmd) did not verify the credentials of clients connecting to its\ncontrol UNIX abstract socket, allowing local, unprivileged users to\nsend control commands that were intended to only be available to the\nprivileged root user. This could allow a local, unprivileged user to\ncause clvmd to exit, or request clvmd to activate, deactivate, or\nreload any logical volume on the local system or another system in the\ncluster. (CVE-2010-2526)\n\nNote: This update changes clvmd to use a pathname-based socket rather\nthan an abstract socket. 
As such, the lvm2 update 2010:0569, which\nchanges LVM to also use this pathname-based socket, must also be\ninstalled for LVM to be able to communicate with the updated clvmd.\n\nAll lvm2-cluster users should upgrade to this updated package, which\ncontains a backported patch to correct this issue. After installing\nthe updated package, clvmd must be restarted for the update to take\neffect.\n\n5. Bugs fixed\n\nCVE-2010-2526 lvm2-cluster: insecurity when communicating between lvm2\nand clvmd\n\n6. Package List :\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1007&L=scientific-linux-errata&T=0&P=3592\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1ffa71fb\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected lvm2 and / or lvm2-cluster packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"lvm2-2.02.56-8.el5_5.6\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"lvm2-cluster-2.02.56-7.el5_5.4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-13T06:51:09", "bulletinFamily": "scanner", "description": "Alasdair Kergon discovered that the cluster logical volume manager\ndaemon (clvmd) in LVM2, The Linux Logical Volume Manager, does not\nverify client credentials upon a socket connection, which allows local\nusers to cause a denial of service.", "modified": "2019-12-02T00:00:00", "id": "DEBIAN_DSA-2095.NASL", "href": "https://www.tenable.com/plugins/nessus/48895", "published": "2010-08-27T00:00:00", "title": "Debian DSA-2095-1 : lvm2 - insecure communication protocol", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The 
descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2095. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(48895);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/08/02 13:32:22\");\n\n script_cve_id(\"CVE-2010-2526\");\n script_bugtraq_id(42033);\n script_xref(name:\"DSA\", value:\"2095\");\n\n script_name(english:\"Debian DSA-2095-1 : lvm2 - insecure communication protocol\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Alasdair Kergon discovered that the cluster logical volume manager\ndaemon (clvmd) in LVM2, The Linux Logical Volume Manager, does not\nverify client credentials upon a socket connection, which allows local\nusers to cause a denial of service.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=591204\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2010/dsa-2095\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the lvm2 package.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 2.02.39-8.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lvm2\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"clvm\", reference:\"2.02.39-8\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"lvm2\", reference:\"2.02.39-8\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2019-05-30T02:23:06", "bulletinFamily": "unix", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-2095-1 security@debian.org\nhttp://www.debian.org/security/ Giuseppe Iuculano\nAugust 23, 2010 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : lvm2\nVulnerability : insecure communication protocol\nProblem type : local\nDebian-specific: no\nCVE Id : CVE-2010-2526\nDebian Bug : 591204\n\n\nAlasdair Kergon discovered that the cluster logical volume manager 
daemon\n(clvmd) in lvm2, The Linux Logical Volume Manager, does not verify client\ncredentials upon a socket connection, which allows local users to cause a\ndenial of service.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 2.02.39-8\n\nFor the testing distribution (squeeze), and the unstable distribution (sid),\nthis problem has been fixed in version 2.02.66-3\n\n\nWe recommend that you upgrade your lvm2 package.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nDebian (stable)\n- ---------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "modified": "2010-08-23T10:13:09", "published": "2010-08-23T10:13:09", "id": "DEBIAN:DSA-2095-1:1B07A", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2010/msg00141.html", "title": "[SECURITY] [DSA 2095-1] New lvm2 packages fix denial of service", "type": "debian", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:38:50", "bulletinFamily": "unix", "description": "[2.02.56-el5_5.4]\n- CVE-2010-2526: Fix insecurity when communicating between lvm2 and clvmd.\n Resolves: #616044 ", "modified": "2010-07-28T00:00:00", "published": "2010-07-28T00:00:00", "id": "ELSA-2010-0567", "href": "http://linux.oracle.com/errata/ELSA-2010-0567.html", "title": 
"lvm2-cluster security update", "type": "oraclelinux", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:21", "bulletinFamily": "unix", "description": "### Background\n\nFor more information on the packages listed in this GLSA, please see their homepage referenced in the ebuild. \n\n### Description\n\nVulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details. \n\n * FMOD Studio\n * PEAR Mail\n * LVM2\n * GnuCash\n * xine-lib\n * Last.fm Scrobbler\n * WebKitGTK+\n * shadow tool suite\n * PEAR\n * unixODBC\n * Resource Agents\n * mrouted\n * rsync\n * XML Security Library\n * xrdb\n * Vino\n * OProfile\n * syslog-ng\n * sFlow Toolkit\n * GNOME Display Manager\n * libsoup\n * CA Certificates\n * Gitolite\n * QtCreator\n * Racer\n\n### Impact\n\nA context-dependent attacker may be able to gain escalated privileges, execute arbitrary code, cause Denial of Service, obtain sensitive information, or otherwise bypass security restrictions. 
\n\n### Workaround\n\nThere are no known workarounds at this time.\n\n### Resolution\n\nAll FMOD Studio users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/fmod-4.38.00\"\n \n\nAll PEAR Mail users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-php/PEAR-Mail-1.2.0\"\n \n\nAll LVM2 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-fs/lvm2-2.02.72\"\n \n\nAll GnuCash users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-office/gnucash-2.4.4\"\n \n\nAll xine-lib users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/xine-lib-1.1.19\"\n \n\nAll Last.fm Scrobbler users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=media-sound/lastfmplayer-1.5.4.26862-r3\"\n \n\nAll WebKitGTK+ users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-libs/webkit-gtk-1.2.7\"\n \n\nAll shadow tool suite users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-apps/shadow-4.1.4.3\"\n \n\nAll PEAR users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-php/PEAR-PEAR-1.9.2-r1\"\n \n\nAll unixODBC users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-db/unixODBC-2.3.0-r1\"\n \n\nAll Resource Agents users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=sys-cluster/resource-agents-1.0.4-r1\"\n \n\nAll mrouted users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/mrouted-3.9.5\"\n \n\nAll 
rsync users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/rsync-3.0.8\"\n \n\nAll XML Security Library users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/xmlsec-1.2.17\"\n \n\nAll xrdb users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=x11-apps/xrdb-1.0.9\"\n \n\nAll Vino users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/vino-2.32.2\"\n \n\nAll OProfile users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-util/oprofile-0.9.6-r1\"\n \n\nAll syslog-ng users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-admin/syslog-ng-3.2.4\"\n \n\nAll sFlow Toolkit users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-analyzer/sflowtool-3.20\"\n \n\nAll GNOME Display Manager users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=gnome-base/gdm-3.8.4-r3\"\n \n\nAll libsoup users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-libs/libsoup-2.34.3\"\n \n\nAll CA Certificates users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=app-misc/ca-certificates-20110502-r1\"\n \n\nAll Gitolite users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-vcs/gitolite-1.5.9.1\"\n \n\nAll QtCreator users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-util/qt-creator-2.1.0\"\n \n\nGentoo has discontinued support for Racer. 
We recommend that users unmerge Racer: \n \n \n # emerge --unmerge \"games-sports/racer-bin\"\n \n\nNOTE: This is a legacy GLSA. Updates for all affected architectures have been available since 2012. It is likely that your system is already no longer affected by these issues.", "modified": "2014-12-11T00:00:00", "published": "2014-12-11T00:00:00", "id": "GLSA-201412-09", "href": "https://security.gentoo.org/glsa/201412-09", "type": "gentoo", "title": "Multiple packages, Multiple vulnerabilities fixed in 2011", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}