Lucene search

K

[email protected]NVD:CVE-2010-2526

HistoryAug 05, 2010 - 1:22 p.m.

CVE-2010-2526

2010-08-0513:22:29

CWE-287

[email protected]

web.nvd.nist.gov

1

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

The cluster logical volume manager daemon (clvmd) in lvm2-cluster in LVM2 before 2.02.72, as used in Red Hat Global File System (GFS) and other products, does not verify client credentials upon a socket connection, which allows local users to cause a denial of service (daemon exit or logical-volume change) or possibly have unspecified other impact via crafted control commands.

Affected configurations

NVD

Node

heinz_mauelshagenlvm2Range≤2.02.71

OR

heinz_mauelshagenlvm2Match2.02.50

OR

heinz_mauelshagenlvm2Match2.02.51

OR

heinz_mauelshagenlvm2Match2.02.52

OR

heinz_mauelshagenlvm2Match2.02.53

OR

heinz_mauelshagenlvm2Match2.02.54

OR

heinz_mauelshagenlvm2Match2.02.55

OR

heinz_mauelshagenlvm2Match2.02.56

OR

heinz_mauelshagenlvm2Match2.02.57

OR

heinz_mauelshagenlvm2Match2.02.58

OR

heinz_mauelshagenlvm2Match2.02.59

OR

heinz_mauelshagenlvm2Match2.02.60

OR

heinz_mauelshagenlvm2Match2.02.61

OR

heinz_mauelshagenlvm2Match2.02.62

OR

heinz_mauelshagenlvm2Match2.02.63

OR

heinz_mauelshagenlvm2Match2.02.64

OR

heinz_mauelshagenlvm2Match2.02.65

OR

heinz_mauelshagenlvm2Match2.02.66

OR

heinz_mauelshagenlvm2Match2.02.67

OR

heinz_mauelshagenlvm2Match2.02.68

OR

heinz_mauelshagenlvm2Match2.02.69

OR

heinz_mauelshagenlvm2Match2.02.70

AND

redhatcluster_suite

OR

redhatenterprise_linuxMatch3

OR

redhatenterprise_linuxMatch3.0

OR

redhatenterprise_linuxMatch4

OR

redhatenterprise_linuxMatch4.0

OR

redhatenterprise_linuxMatch5advanced_platform

References

lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html

secunia.com/advisories/40759

securitytracker.com/id?1024258

www.osvdb.org/66753

www.ubuntu.com/usn/USN-1001-1

www.vupen.com/english/advisories/2010/1944

bugzilla.redhat.com/show_bug.cgi?id=614248

exchange.xforce.ibmcloud.com/vulnerabilities/60809

rhn.redhat.com/errata/RHSA-2010-0567.html

rhn.redhat.com/errata/RHSA-2010-0568.html

www.redhat.com/archives/linux-lvm/2010-July/msg00083.html

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

Related for NVD:CVE-2010-2526

oraclelinux1 redhat2 nessus14 openvas18 centos1 ubuntu1 veracode1 cve1 fedora4 debian2 ubuntucve1 debiancve1 securityvulns1 prion1 osv1 cvelist1 gentoo1