SecurityTracker Archives

Category:   Application (Generic)  >   LVM2
Vendors:   Red Hat
(Red Hat Issues Fix) LVM2 Missing Authentication in Cluster Local Volume Manager Lets Local Users Manage Volumes in the Cluster
SecurityTracker Alert ID:  1024260
SecurityTracker URL:  http://securitytracker.com/id/1024260
CVE Reference:   CVE-2010-2526
Date:  Jul 29 2010
Impact:   Denial of service via local system, Modification of system information
Fix Available:  Yes
Vendor Confirmed:  Yes

Description:   A vulnerability was reported in LVM2. A local user can manage volumes in the cluster.

The cluster logical volume manager daemon (clvmd) does not verify the credentials of clients connecting to its control UNIX abstract socket. A local user can send control commands to clvmd to activate, deactivate, or reload any logical volume on the target system or on another system in the cluster.

Alasdair Kergon reported this vulnerability.

Impact:   A local user can activate, deactivate, or reload any logical volume on the target system or on another system in the cluster.
Solution:   Red Hat has issued a fix.

The Red Hat advisory is available at:

https://rhn.redhat.com/errata/RHSA-2010-0568.html

Vendor URL:  sourceware.org/lvm2/
Cause:   Authentication error
Underlying OS:   Linux (Red Hat Enterprise)

Message History:   This archive entry is a follow-up to the message listed below.
Jul 29 2010 LVM2 Missing Authentication in Cluster Local Volume Manager Lets Local Users Manage Volumes in the Cluster

Source Message Contents

Date:  Wed, 28 Jul 2010 10:35:26 -0400
Subject:  [RHSA-2010:0568-01] Moderate: lvm2-cluster security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: lvm2-cluster security update
Advisory ID:       RHSA-2010:0568-01
Product:           Red Hat Global File System
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0568.html
Issue date:        2010-07-28
CVE Names:         CVE-2010-2526 
=====================================================================

1. Summary:

An updated lvm2-cluster package that fixes one security issue is now
available for Red Hat Global File System for Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Global File System 4AS - i386, ia64, ppc, x86_64
Red Hat Global File System 4ES - i386, ia64, x86_64
Red Hat Global File System 4WS - i386, ia64, x86_64

3. Description:

The lvm2-cluster package contains support for Logical Volume Management
(LVM) in a clustered environment.

It was discovered that the cluster logical volume manager daemon (clvmd)
did not verify the credentials of clients connecting to its control UNIX
abstract socket, allowing local, unprivileged users to send control
commands that were intended to only be available to the privileged root
user. This could allow a local, unprivileged user to cause clvmd to exit,
or request clvmd to activate, deactivate, or reload any logical volume on
the local system or another system in the cluster. (CVE-2010-2526)

Note: This update changes clvmd to use a pathname-based socket rather than
an abstract socket. As such, the lvm2 update RHBA-2010:0569, which changes
LVM to also use this pathname-based socket, must also be installed for LVM
to be able to communicate with the updated clvmd.

All lvm2-cluster users should upgrade to this updated package, which
contains a backported patch to correct this issue. After installing the
updated package, clvmd must be restarted for the update to take effect.
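The two defences the advisory describes, a pathname-based socket that the kernel protects with ordinary mode bits and an explicit check of the connecting client's credentials, can be seen side by side in a small control daemon. The following is an added example written for this page; it is not code from the advisory, from Red Hat or from the LVM2 project. The socket names, the one-line command format, the uid policy and the helper names (make_pathname_listener, make_abstract_listener, serve_one, exchange, demo) are constructed for the illustration, and SO_PEERCRED makes it Linux-only.

```python
"""Minimal control daemon illustrating the fix for CVE-2010-2526.

Added example; not code from the advisory, Red Hat or the LVM2 project.
Two defences are shown: a pathname-based UNIX socket, which the kernel
protects with mode bits on connect(), and an explicit SO_PEERCRED check
of the connecting client's uid, which is the only gate an abstract
socket has.  All names, the command format and the uid policy are
constructed for the illustration (Linux only).
"""
import os
import socket
import struct
import tempfile
import threading


def peer_credentials(conn):
    """Return (pid, uid, gid) of the peer on a connected AF_UNIX socket."""
    # struct ucred on Linux is three 32-bit ints: pid, uid, gid.
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED,
                          struct.calcsize("3i"))
    return struct.unpack("3i", raw)


def serve_one(listener, allowed_uids):
    """Accept one client, check its uid against the policy, reply 'ok' or 'denied'."""
    conn, _ = listener.accept()
    with conn:
        _pid, uid, _gid = peer_credentials(conn)
        command = conn.recv(256).decode().strip()
        decision = "ok" if uid in allowed_uids else "denied"
        conn.sendall(decision.encode() + b"\n")
        return {"decision": decision, "uid": uid, "command": command}


def make_pathname_listener(sock_dir):
    """Listen on <sock_dir>/control.sock with directory and socket restricted to the owner."""
    os.chmod(sock_dir, 0o700)
    path = os.path.join(sock_dir, "control.sock")
    listener = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    listener.bind(path)
    os.chmod(path, 0o600)
    listener.listen(1)
    return listener, path


def make_abstract_listener(name):
    """Listen on an abstract-namespace socket (leading NUL byte): no filesystem object exists."""
    address = b"\0" + name
    listener = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    listener.bind(address)
    listener.listen(1)
    return listener, address


def backed_by_filesystem(address):
    """True when the address is a path whose mode bits the kernel enforces on connect()."""
    if isinstance(address, bytes) and address.startswith(b"\0"):
        return False  # abstract namespace: nothing to chmod
    return os.path.exists(address)


def exchange(listener, address, command, allowed_uids):
    """Run the daemon in a thread and one client in this thread; return the daemon's record."""
    outcome = []
    server = threading.Thread(
        target=lambda: outcome.append(serve_one(listener, allowed_uids)))
    server.start()
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as client:
        client.connect(address)
        client.sendall(command.encode() + b"\n")
        reply = client.recv(16).decode().strip()
    server.join()
    record = outcome[0]
    record["reply"] = reply
    record["filesystem_object"] = backed_by_filesystem(address)
    return record


def demo():
    """Constructed scenario: the same user connects to both socket kinds; only the uid policy differs."""
    me = os.getuid()
    with tempfile.TemporaryDirectory() as sock_dir:
        listener, path = make_pathname_listener(sock_dir)
        with listener:
            pathname = exchange(listener, path, "activate vg0/lv0", {0, me})
    # Abstract socket: nothing to chmod, so the daemon's own credential check is the only gate.
    listener, address = make_abstract_listener(b"clvmd-example-%d" % os.getpid())
    with listener:
        abstract = exchange(listener, address, "deactivate vg0/lv0", allowed_uids=set())
    return {"pathname": pathname, "abstract": abstract}


if __name__ == "__main__":
    for kind, record in demo().items():
        print(kind, record)
```

Running demo() accepts the command over the pathname socket (the caller's uid is in the constructed policy) and refuses it over the abstract socket, where the empty policy is the only protection because no filesystem object exists to carry mode bits. A daemon that, like the unpatched clvmd, listens on an abstract socket and skips the peer_credentials check accepts commands from every local uid.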

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

614248 - CVE-2010-2526 lvm2-cluster: insecurity when communicating between lvm2 and clvmd

6. Package List:

Red Hat Global File System 4AS:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/RHGFS/SRPMS/lvm2-cluster-2.02.42-5.el4_8.2.src.rpm

i386:
lvm2-cluster-2.02.42-5.el4_8.2.i386.rpm
lvm2-cluster-debuginfo-2.02.42-5.el4_8.2.i386.rpm

ia64:
lvm2-cluster-2.02.42-5.el4_8.2.ia64.rpm
lvm2-cluster-debuginfo-2.02.42-5.el4_8.2.ia64.rpm

ppc:
lvm2-cluster-2.02.42-5.el4_8.2.ppc64.rpm
lvm2-cluster-debuginfo-2.02.42-5.el4_8.2.ppc64.rpm

x86_64:
lvm2-cluster-2.02.42-5.el4_8.2.x86_64.rpm
lvm2-cluster-debuginfo-2.02.42-5.el4_8.2.x86_64.rpm

Red Hat Global File System 4ES:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/RHGFS/SRPMS/lvm2-cluster-2.02.42-5.el4_8.2.src.rpm

i386:
lvm2-cluster-2.02.42-5.el4_8.2.i386.rpm
lvm2-cluster-debuginfo-2.02.42-5.el4_8.2.i386.rpm

ia64:
lvm2-cluster-2.02.42-5.el4_8.2.ia64.rpm
lvm2-cluster-debuginfo-2.02.42-5.el4_8.2.ia64.rpm

x86_64:
lvm2-cluster-2.02.42-5.el4_8.2.x86_64.rpm
lvm2-cluster-debuginfo-2.02.42-5.el4_8.2.x86_64.rpm

Red Hat Global File System 4WS:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/RHGFS/SRPMS/lvm2-cluster-2.02.42-5.el4_8.2.src.rpm

i386:
lvm2-cluster-2.02.42-5.el4_8.2.i386.rpm
lvm2-cluster-debuginfo-2.02.42-5.el4_8.2.i386.rpm

ia64:
lvm2-cluster-2.02.42-5.el4_8.2.ia64.rpm
lvm2-cluster-debuginfo-2.02.42-5.el4_8.2.ia64.rpm

x86_64:
lvm2-cluster-2.02.42-5.el4_8.2.x86_64.rpm
lvm2-cluster-debuginfo-2.02.42-5.el4_8.2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-2526.html
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFMUD/xXlSAg2UNWIIRAhc9AKCDbJ0iAiR6gFWpRwSKPZxyBQ8tegCgkJ+b
Ub/2avCEk2RTMS2gfS0pb9Y=
=uN18
-----END PGP SIGNATURE-----


--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
Copyright 2013, SecurityGlobal.net LLC