Anfälligkeitssuche        Suche in 172616 CVE Beschreibungen
und 81291 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.67735
Kategorie:Red Hat Local Security Checks
Titel:RedHat Security Advisory RHSA-2010:0567
Zusammenfassung:NOSUMMARY
Beschreibung:Description:
The remote host is missing updates announced in
advisory RHSA-2010:0567.

The lvm2-cluster package contains support for Logical Volume Management
(LVM) in a clustered environment.

It was discovered that the cluster logical volume manager daemon (clvmd)
did not verify the credentials of clients connecting to its control UNIX
abstract socket, allowing local, unprivileged users to send control
commands that were intended to only be available to the privileged root
user. This could allow a local, unprivileged user to cause clvmd to exit,
or request clvmd to activate, deactivate, or reload any logical volume on
the local system or another system in the cluster. (CVE-2010-2526)

Note: This update changes clvmd to use a pathname-based socket rather than
an abstract socket. As such, the lvm2 update RHBA-2010:0569, which changes
LVM to also use this pathname-based socket, must also be installed for LVM
to be able to communicate with the updated clvmd.

All lvm2-cluster users should upgrade to this updated package, which
contains a backported patch to correct this issue. After installing the
updated package, clvmd must be restarted for the update to take effect.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2010-0567.html
http://www.redhat.com/security/updates/classification/#moderate

Risk factor : Medium

CVSS Score:
4.6

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2010-2526
https://www.redhat.com/archives/linux-lvm/2010-July/msg00083.html
http://www.osvdb.org/66753
RedHat Security Advisories: RHSA-2010:0567
https://rhn.redhat.com/errata/RHSA-2010-0567.html
RedHat Security Advisories: RHSA-2010:0568
https://rhn.redhat.com/errata/RHSA-2010-0568.html
http://securitytracker.com/id?1024258
http://secunia.com/advisories/40759
SuSE Security Announcement: SUSE-SR:2010:017 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
http://www.ubuntu.com/usn/USN-1001-1
http://www.vupen.com/english/advisories/2010/1944
XForce ISS Database: lvm2-socket-privilege-escalation(60809)
https://exchange.xforce.ibmcloud.com/vulnerabilities/60809
CopyrightCopyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 81291 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2020 E-Soft Inc. Alle Rechte vorbehalten.