
Test ID: 1.3.6.1.4.1.25623.1.0.54430
Category: Fedora Local Security Checks
Title: Fedora Legacy Security Advisory FLSA-2005:152842
Summary: NOSUMMARY
Description:

The remote host is missing updates announced in
advisory FLSA-2005:152842.

A vulnerability has been reported in LVM, which can be exploited by
malicious, local users to perform certain actions on a vulnerable system
with escalated privileges. The vulnerability is caused by the
lvmcreate_initrd script creating temporary files insecurely. This can
be exploited via symlink attacks to overwrite arbitrary files on the
system with the privileges of the user invoking the vulnerable script.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2004-0972 to this issue.

Users of lvm are advised to upgrade to this errata package, which
contains a backported patch correcting this issue.

Affected platforms:
Red Hat 7.3
Red Hat 9
Fedora Core 1

Solution:
http://www.securityspace.com/smysecure/catid.html?in=FLSA-2005:152842

Risk factor : Medium

CVSS Score: 2.1

Cross-Ref: BugTraq ID: 11290
Common Vulnerability Exposure (CVE) ID: CVE-2004-0972
http://www.securityfocus.com/bid/11290
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10632
RedHat Security Advisories: RHBA-2004:232
http://rhn.redhat.com/errata/RHBA-2004-232.html
http://www.trustix.org/errata/2004/0050
XForce ISS Database: script-temporary-file-overwrite(17583)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17583
Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

© 1998-2025 E-Soft Inc. All rights reserved.