CVSS2 score: 4.6 Medium
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
lvm2-cluster is vulnerable to denial of service. It was discovered that the cluster logical volume manager daemon (clvmd) did not verify the credentials of clients connecting to its control UNIX abstract socket, allowing local, unprivileged users to send control commands that were intended to only be available to the privileged root user. This could allow a local, unprivileged user to cause clvmd to exit, or request clvmd to activate, deactivate, or reload any logical volume on the local system or another system in the cluster.
lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
secunia.com/advisories/40759
securitytracker.com/id?1024258
www.osvdb.org/66753
www.redhat.com/security/updates/classification/#moderate
www.ubuntu.com/usn/USN-1001-1
www.vupen.com/english/advisories/2010/1944
access.redhat.com/errata/RHSA-2010:0568
bugzilla.redhat.com/show_bug.cgi?id=614248
exchange.xforce.ibmcloud.com/vulnerabilities/60809
rhn.redhat.com/errata/RHSA-2010-0567.html
rhn.redhat.com/errata/RHSA-2010-0568.html
www.redhat.com/archives/linux-lvm/2010-July/msg00083.html