Lucene search
This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.FEDORA_2010-13239.NASLHistorySep 02, 2010 - 12:00 a.m.
Fedora 14 : lvm2-2.02.73-1.fc14 (2010-13239)
2010-09-0200:00:00
This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
11
This update fixes some minor problems as listed in the changelog. To improve performance, Logical Volumes will be aligned at 1MB boundaries by default now on any newly-created Physical Volumes that don’t report a preferred alignment to the O/S. This update addresses a security problem when using the clustered LVM daemon clvmd from the package lvm2-cluster on systems where you have non-root users. The lvm2 package on its own is not vulnerable to this problem but if you are using lvm2-cluster you must update both together. Further details are given in the Red Hat Bugzilla:
https://bugzilla.redhat.com/CVE-2010-2526 After updating the packages, make sure that clvmd restarted itself. This update also includes several other important bug fixes - see the detailed changelog.
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2010-13239.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(49074);
script_version("1.13");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");
script_cve_id("CVE-2010-2526");
script_bugtraq_id(42033);
script_xref(name:"FEDORA", value:"2010-13239");
script_name(english:"Fedora 14 : lvm2-2.02.73-1.fc14 (2010-13239)");
script_summary(english:"Checks rpm output for the updated package.");
script_set_attribute(
attribute:"synopsis",
value:"The remote Fedora host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"This update fixes some minor problems as listed in the changelog. To
improve performance, Logical Volumes will be aligned at 1MB boundaries
by default now on any newly-created Physical Volumes that don't report
a preferred alignment to the O/S. This update addresses a security
problem when using the clustered LVM daemon clvmd from the package
lvm2-cluster on systems where you have non-root users. The lvm2
package on its own is not vulnerable to this problem but if you are
using lvm2-cluster you must update both together. Further details are
given in the Red Hat Bugzilla:
https://bugzilla.redhat.com/CVE-2010-2526 After updating the packages,
make sure that clvmd restarted itself. This update also includes
several other important bug fixes - see the detailed changelog.
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
# https://bugzilla.redhat.com/CVE-2010-2526
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2526"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=614248"
);
# https://lists.fedoraproject.org/pipermail/package-announce/2010-September/046866.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?bfe41adf"
);
script_set_attribute(attribute:"solution", value:"Update the affected lvm2 package.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:lvm2");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:14");
script_set_attribute(attribute:"patch_publication_date", value:"2010/08/20");
script_set_attribute(attribute:"plugin_publication_date", value:"2010/09/02");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Fedora Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^14([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 14.x", "Fedora " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
flag = 0;
if (rpm_check(release:"FC14", reference:"lvm2-2.02.73-1.fc14")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "lvm2");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| fedoraproject | fedora | lvm2 | p-cpe:/a:fedoraproject:fedora:lvm2 |
| fedoraproject | fedora | 14 | cpe:/o:fedoraproject:fedora:14 |
Related
openvas
openvas
Debian Security Advisory DSA 2095-1 (lvm2)
2010-10-10 00:00:00
Fedora Update for lvm2 FEDORA-2010-13239
2010-12-02 00:00:00
CentOS Update for lvm2-cluster CESA-2010:0567 centos5 i386
2011-08-09 00:00:00
nessus
nessus
SuSE 11.1 Security Update : LVM2 (SAT Patch Number 2982)
2011-01-21 00:00:00
Mandriva Linux Security Advisory : lvm2 (MDVSA-2010:171)
2010-09-07 00:00:00
Oracle Linux 5 : lvm2-cluster (ELSA-2010-0567)
2013-07-12 00:00:00
fedora
fedora
[SECURITY] Fedora 13 Update: udisks-1.0.1-4.fc13
2010-09-11 09:01:07
[SECURITY] Fedora 13 Update: lvm2-2.02.73-2.fc13
2010-09-11 09:01:07
[SECURITY] Fedora 14 Update: lvm2-2.02.73-1.fc14
2010-09-02 03:57:01
cve
cve
CVE-2010-2526
2010-08-05 13:22:00
redhat
redhat
(RHSA-2010:0568) Moderate: lvm2-cluster security update
2010-07-28 00:00:00
(RHSA-2010:0567) Moderate: lvm2-cluster security update
2010-07-28 00:00:00
debian
debian
[SECURITY] [DSA 2095-1] New lvm2 packages fix denial of service
2010-08-23 10:12:46
[SECURITY] [DSA 2095-1] New lvm2 packages fix denial of service
2010-08-23 10:12:46
debiancve
debiancve
CVE-2010-2526
2010-08-05 13:22:00
ubuntucve
ubuntucve
CVE-2010-2526
2010-08-05 00:00:00
prion
prion
Design/Logic Flaw
2010-08-05 13:22:00
securityvulns
securityvulns
[ MDVSA-2010:171 ] lvm2
2010-09-12 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:46:28
oraclelinux
oraclelinux
lvm2-cluster security update
2010-07-28 00:00:00
ubuntu
ubuntu
LVM2 vulnerability
2010-10-06 00:00:00
centos
centos
lvm2 security update
2010-07-29 13:37:04
osv
osv
lvm2 - denial of service
2010-08-23 00:00:00
gentoo
gentoo
Multiple packages, Multiple vulnerabilities fixed in 2011
2014-12-11 00:00:00
Related for FEDORA_2010-13239.NASL