Mandrake Local Security Checks : Mandriva Security Advisory MDVSA-2010:171 (lvm2)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.68256

Categoría: Mandrake Local Security Checks

Título: Mandriva Security Advisory MDVSA-2010:171 (lvm2)

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing an update to lvm2
announced via advisory MDVSA-2010:171.

A vulnerability has been found and corrected in lvm2:

The cluster logical volume manager daemon (clvmd) in lvm2-cluster
in LVM2 before 2.02.72, as used in Red Hat Global File System (GFS)
and other products, does not verify client credentials upon a socket
connection, which allows local users to cause a denial of service
(daemon exit or logical-volume change) or possibly have unspecified
other impact via crafted control commands (CVE-2010-2526).

The updated packages have been patched to correct this issue.

Affected: 2009.1, 2010.0, 2010.1

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2010:171

Risk factor : Medium

CVSS Score:
4.6

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-2526
1024258
http://securitytracker.com/id?1024258
40759
http://secunia.com/advisories/40759
66753
http://www.osvdb.org/66753
ADV-2010-1944
http://www.vupen.com/english/advisories/2010/1944
RHSA-2010:0567
https://rhn.redhat.com/errata/RHSA-2010-0567.html
RHSA-2010:0568
https://rhn.redhat.com/errata/RHSA-2010-0568.html
SUSE-SR:2010:017
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
USN-1001-1
http://www.ubuntu.com/usn/USN-1001-1
[linux-lvm] 20100728 lvm2-cluster (clvmd) security fix (Moderate)
https://www.redhat.com/archives/linux-lvm/2010-July/msg00083.html
https://bugzilla.redhat.com/show_bug.cgi?id=614248
lvm2-socket-privilege-escalation(60809)
https://exchange.xforce.ibmcloud.com/vulnerabilities/60809

Copyright Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.68256
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Security Advisory MDVSA-2010:171 (lvm2)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to lvm2 announced via advisory MDVSA-2010:171. A vulnerability has been found and corrected in lvm2: The cluster logical volume manager daemon (clvmd) in lvm2-cluster in LVM2 before 2.02.72, as used in Red Hat Global File System (GFS) and other products, does not verify client credentials upon a socket connection, which allows local users to cause a denial of service (daemon exit or logical-volume change) or possibly have unspecified other impact via crafted control commands (CVE-2010-2526). The updated packages have been patched to correct this issue. Affected: 2009.1, 2010.0, 2010.1 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2010:171 Risk factor : Medium CVSS Score: 4.6
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-2526 1024258 http://securitytracker.com/id?1024258 40759 http://secunia.com/advisories/40759 66753 http://www.osvdb.org/66753 ADV-2010-1944 http://www.vupen.com/english/advisories/2010/1944 RHSA-2010:0567 https://rhn.redhat.com/errata/RHSA-2010-0567.html RHSA-2010:0568 https://rhn.redhat.com/errata/RHSA-2010-0568.html SUSE-SR:2010:017 http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html USN-1001-1 http://www.ubuntu.com/usn/USN-1001-1 [linux-lvm] 20100728 lvm2-cluster (clvmd) security fix (Moderate) https://www.redhat.com/archives/linux-lvm/2010-July/msg00083.html https://bugzilla.redhat.com/show_bug.cgi?id=614248 lvm2-socket-privilege-escalation(60809) https://exchange.xforce.ibmcloud.com/vulnerabilities/60809
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com