Users of lvm2 please be advised of a cluster logical volume manager daemon vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
Amplify’d from www.criticalwatch.com
MDVSA-2010:171: [MDVSA-2010:171] lvm2
Problem Description:
A vulnerability has been found and corrected in lvm2:
The cluster logical volume manager daemon (clvmd) in lvm2-cluster
in LVM2 before 2.02.72, as used in Red Hat Global File System (GFS)
and other products, does not verify client credentials upon a socket
connection, which allows local users to cause a denial of service
(daemon exit or logical-volume change) or possibly have unspecified
other impact via crafted control commands (CVE-2010-2526).
Read more at www.criticalwatch.com
See this Amp at http://bit.ly/blZT1Q

No comments:
Post a Comment