Summary
The remote host is missing an update to lvm2
announced via advisory DSA 2095-1.
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202095-1
Insight
Alasdair Kergon discovered that the cluster logical volume manager daemon (clvmd) in lvm2, The Linux Logical Volume Manager, does not verify client credentials upon a socket connection, which allows local users to cause a denial of service.
For the stable distribution (lenny), this problem has been fixed in version 2.02.39-8
For the testing distribution (squeeze), and the unstable distribution (sid), this problem has been fixed in version 2.02.66-3
We recommend that you upgrade your lvm2 package.
Severity
Classification
-
CVE CVE-2010-2526 -
CVSS Base Score: 4.6
AV:L/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities