Denial Of Service (DoS)

2020-04-1000:46:28

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

JSON

lvm2-cluster is vulnerable to denial of service. It was discovered that the cluster logical volume manager daemon (clvmd) did not verify the credentials of clients connecting to its control UNIX abstract socket, allowing local, unprivileged users to send control commands that were intended to only be available to the privileged root user. This could allow a local, unprivileged user to cause clvmd to exit, or request clvmd to activate, deactivate, or reload any logical volume on the local system or another system in the cluster.

CPENameOperatorVersion
lvm2-clustereq2.02.27__2.el4_6.2
lvm2-clustereq2.02.26__1.el5
lvm2-clustereq2.02.21__7.el4
lvm2-clustereq2.02.46__8.el5_4.1
lvm2-clustereq2.02.16__3.el5
lvm2-clustereq2.02.40__7.el5
lvm2-clustereq2.02.37__3.el4_7.2
lvm2-clustereq2.02.46__8.el5
lvm2-clustereq2.02.27__2.el4
lvm2-clustereq2.02.32__4.el5

Name	Operator	Version
lvm2-cluster	eq	2.02.27__2.el4_6.2
lvm2-cluster	eq	2.02.26__1.el5
lvm2-cluster	eq	2.02.21__7.el4
lvm2-cluster	eq	2.02.46__8.el5_4.1
lvm2-cluster	eq	2.02.16__3.el5
lvm2-cluster	eq	2.02.40__7.el5
lvm2-cluster	eq	2.02.37__3.el4_7.2
lvm2-cluster	eq	2.02.46__8.el5
lvm2-cluster	eq	2.02.27__2.el4
lvm2-cluster	eq	2.02.32__4.el5