 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.880581 |
| Categoría: | CentOS Local Security Checks |
| Título: | CentOS Update for lvm2-cluster CESA-2010:0567 centos5 i386 |
| Resumen: | The remote host is missing an update for the 'lvm2-cluster'; package(s) announced via the referenced advisory. |
| Descripción: | Summary: The remote host is missing an update for the 'lvm2-cluster' package(s) announced via the referenced advisory. Vulnerability Insight: The lvm2-cluster package contains support for Logical Volume Management (LVM) in a clustered environment. It was discovered that the cluster logical volume manager daemon (clvmd) did not verify the credentials of clients connecting to its control UNIX abstract socket, allowing local, unprivileged users to send control commands that were intended to only be available to the privileged root user. This could allow a local, unprivileged user to cause clvmd to exit, or request clvmd to activate, deactivate, or reload any logical volume on the local system or another system in the cluster. (CVE-2010-2526) Note: This update changes clvmd to use a pathname-based socket rather than an abstract socket. As such, the lvm2 update RHBA-2010:0569, which changes LVM to also use this pathname-based socket, must also be installed for LVM to be able to communicate with the updated clvmd. All lvm2-cluster users should upgrade to this updated package, which contains a backported patch to correct this issue. After installing the updated package, clvmd must be restarted for the update to take effect. Affected Software/OS: lvm2-cluster on CentOS 5 Solution: Please install the updated packages. CVSS Score: 4.6 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2010-2526 1024258 http://securitytracker.com/id?1024258 40759 http://secunia.com/advisories/40759 66753 http://www.osvdb.org/66753 ADV-2010-1944 http://www.vupen.com/english/advisories/2010/1944 RHSA-2010:0567 https://rhn.redhat.com/errata/RHSA-2010-0567.html RHSA-2010:0568 https://rhn.redhat.com/errata/RHSA-2010-0568.html SUSE-SR:2010:017 http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html USN-1001-1 http://www.ubuntu.com/usn/USN-1001-1 [linux-lvm] 20100728 lvm2-cluster (clvmd) security fix (Moderate) https://www.redhat.com/archives/linux-lvm/2010-July/msg00083.html https://bugzilla.redhat.com/show_bug.cgi?id=614248 lvm2-socket-privilege-escalation(60809) https://exchange.xforce.ibmcloud.com/vulnerabilities/60809 |
| Copyright | Copyright (C) 2011 Greenbone AG |
| Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |