CVE-2010-2526

The cluster logical volume manager daemon (clvmd) in lvm2-cluster in LVM2 before 2.02.72, as used in Red Hat Global File System (GFS) and other products, does not verify client credentials upon a socket connection, which allows local users to cause a denial of service (daemon exit or logical-volume change) or possibly have unspecified other impact via crafted control commands.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:heinz_mauelshagen:lvm2:*:*:*:*:*:*:*:*
cpe:2.3:a:heinz_mauelshagen:lvm2:2.02.50:*:*:*:*:*:*:*
cpe:2.3:a:heinz_mauelshagen:lvm2:2.02.51:*:*:*:*:*:*:*
cpe:2.3:a:heinz_mauelshagen:lvm2:2.02.52:*:*:*:*:*:*:*
cpe:2.3:a:heinz_mauelshagen:lvm2:2.02.53:*:*:*:*:*:*:*
cpe:2.3:a:heinz_mauelshagen:lvm2:2.02.54:*:*:*:*:*:*:*
cpe:2.3:a:heinz_mauelshagen:lvm2:2.02.55:*:*:*:*:*:*:*
cpe:2.3:a:heinz_mauelshagen:lvm2:2.02.56:*:*:*:*:*:*:*
cpe:2.3:a:heinz_mauelshagen:lvm2:2.02.57:*:*:*:*:*:*:*
cpe:2.3:a:heinz_mauelshagen:lvm2:2.02.58:*:*:*:*:*:*:*
cpe:2.3:a:heinz_mauelshagen:lvm2:2.02.59:*:*:*:*:*:*:*
cpe:2.3:a:heinz_mauelshagen:lvm2:2.02.60:*:*:*:*:*:*:*
cpe:2.3:a:heinz_mauelshagen:lvm2:2.02.61:*:*:*:*:*:*:*
cpe:2.3:a:heinz_mauelshagen:lvm2:2.02.62:*:*:*:*:*:*:*
cpe:2.3:a:heinz_mauelshagen:lvm2:2.02.63:*:*:*:*:*:*:*
cpe:2.3:a:heinz_mauelshagen:lvm2:2.02.64:*:*:*:*:*:*:*
cpe:2.3:a:heinz_mauelshagen:lvm2:2.02.65:*:*:*:*:*:*:*
cpe:2.3:a:heinz_mauelshagen:lvm2:2.02.66:*:*:*:*:*:*:*
cpe:2.3:a:heinz_mauelshagen:lvm2:2.02.67:*:*:*:*:*:*:*
cpe:2.3:a:heinz_mauelshagen:lvm2:2.02.68:*:*:*:*:*:*:*
cpe:2.3:a:heinz_mauelshagen:lvm2:2.02.69:*:*:*:*:*:*:*
cpe:2.3:a:heinz_mauelshagen:lvm2:2.02.70:*:*:*:*:*:*:*
OR cpe:2.3:a:redhat:cluster_suite:*:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:3.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:5:*:advanced_platform:*:*:*:*:*

History

21 Nov 2024, 01:16

Type Values Removed Values Added
References () http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html - () http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html -
References () http://secunia.com/advisories/40759 - Vendor Advisory () http://secunia.com/advisories/40759 - Vendor Advisory
References () http://securitytracker.com/id?1024258 - () http://securitytracker.com/id?1024258 -
References () http://www.osvdb.org/66753 - () http://www.osvdb.org/66753 -
References () http://www.ubuntu.com/usn/USN-1001-1 - () http://www.ubuntu.com/usn/USN-1001-1 -
References () http://www.vupen.com/english/advisories/2010/1944 - Vendor Advisory () http://www.vupen.com/english/advisories/2010/1944 - Vendor Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=614248 - Exploit () https://bugzilla.redhat.com/show_bug.cgi?id=614248 - Exploit
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/60809 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/60809 -
References () https://rhn.redhat.com/errata/RHSA-2010-0567.html - () https://rhn.redhat.com/errata/RHSA-2010-0567.html -
References () https://rhn.redhat.com/errata/RHSA-2010-0568.html - () https://rhn.redhat.com/errata/RHSA-2010-0568.html -
References () https://www.redhat.com/archives/linux-lvm/2010-July/msg00083.html - () https://www.redhat.com/archives/linux-lvm/2010-July/msg00083.html -

Information

Published : 2010-08-05 13:22

Updated : 2024-11-21 01:16


NVD link : CVE-2010-2526

Mitre link : CVE-2010-2526

CVE.ORG link : CVE-2010-2526


JSON object : View

Products Affected

heinz_mauelshagen

  • lvm2

redhat

  • cluster_suite
  • enterprise_linux
CWE
CWE-287

Improper Authentication