Friday, September 10, 2010

lvm2: cluster logical volume manager daemon vulnerability

Users of lvm2 please be advised of a cluster logical volume manager daemon vulnerability that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com
MDVSA-2010:171: [MDVSA-2010:171] lvm2
Problem Description:



A vulnerability has been found and corrected in lvm2:



The cluster logical volume manager daemon (clvmd) in lvm2-cluster

in LVM2 before 2.02.72, as used in Red Hat Global File System (GFS)

and other products, does not verify client credentials upon a socket

connection, which allows local users to cause a denial of service

(daemon exit or logical-volume change) or possibly have unspecified

other impact via crafted control commands (CVE-2010-2526).


Read more at www.criticalwatch.com
 

No comments:

Post a Comment