CVE Vulnerabilities

CVE-2010-2526

Improper Authentication

Published: Aug 05, 2010 | Modified: Nov 21, 2024
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 4.6 MEDIUM, AV:L/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2: 4.8 MODERATE, AV:A/AC:L/Au:N/C:N/I:P/A:P
RedHat/V3:
Ubuntu: MEDIUM

The cluster logical volume manager daemon (clvmd) in lvm2-cluster in LVM2 before 2.02.72, as used in Red Hat Global File System (GFS) and other products, does not verify client credentials upon a socket connection, which allows local users to cause a denial of service (daemon exit or logical-volume change) or possibly have unspecified other impact via crafted control commands.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name                        Vendor             Start Version                     End Version
Lvm2                        Heinz_mauelshagen  *                                 2.02.71 (including)
Lvm2                        Heinz_mauelshagen  2.02.50 (including)               2.02.50 (including)
Lvm2                        Heinz_mauelshagen  2.02.51 (including)               2.02.51 (including)
Lvm2                        Heinz_mauelshagen  2.02.52 (including)               2.02.52 (including)
Lvm2                        Heinz_mauelshagen  2.02.53 (including)               2.02.53 (including)
Lvm2                        Heinz_mauelshagen  2.02.54 (including)               2.02.54 (including)
Lvm2                        Heinz_mauelshagen  2.02.55 (including)               2.02.55 (including)
Lvm2                        Heinz_mauelshagen  2.02.56 (including)               2.02.56 (including)
Lvm2                        Heinz_mauelshagen  2.02.57 (including)               2.02.57 (including)
Lvm2                        Heinz_mauelshagen  2.02.58 (including)               2.02.58 (including)
Lvm2                        Heinz_mauelshagen  2.02.59 (including)               2.02.59 (including)
Lvm2                        Heinz_mauelshagen  2.02.60 (including)               2.02.60 (including)
Lvm2                        Heinz_mauelshagen  2.02.61 (including)               2.02.61 (including)
Lvm2                        Heinz_mauelshagen  2.02.62 (including)               2.02.62 (including)
Lvm2                        Heinz_mauelshagen  2.02.63 (including)               2.02.63 (including)
Lvm2                        Heinz_mauelshagen  2.02.64 (including)               2.02.64 (including)
Lvm2                        Heinz_mauelshagen  2.02.65 (including)               2.02.65 (including)
Lvm2                        Heinz_mauelshagen  2.02.66 (including)               2.02.66 (including)
Lvm2                        Heinz_mauelshagen  2.02.67 (including)               2.02.67 (including)
Lvm2                        Heinz_mauelshagen  2.02.68 (including)               2.02.68 (including)
Lvm2                        Heinz_mauelshagen  2.02.69 (including)               2.02.69 (including)
Lvm2                        Heinz_mauelshagen  2.02.70 (including)               2.02.70 (including)
Lvm2                        Ubuntu             dapper                            *
Lvm2                        Ubuntu             devel                             *
Lvm2                        Ubuntu             hardy                             *
Lvm2                        Ubuntu             jaunty                            *
Lvm2                        Ubuntu             karmic                            *
Lvm2                        Ubuntu             lucid                             *
Lvm2                        Ubuntu             upstream                          *
Red Hat Enterprise Linux 5  RedHat             lvm2-cluster-0:2.02.56-7.el5_5.4  *
