Summary
The remote host is missing an update to lvm10
announced via advisory DSA 583-1.
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20583-1
Insight
Trustix developers discovered insecure temporary file creation in a supplemental script in the lvm10 package that didn't check for existing temporary directories, allowing local users to overwrite files via a symlink attack.
For the stable distribution (woody) this problem has been fixed in version 1.0.4-5woody2.
For the unstable distribution (sid) this problem will be fixed soon.
We recommend that you upgrade your lvm10 package.
Severity
Classification
-
CVE CVE-2004-0972 -
CVSS Base Score: 2.1
AV:L/AC:L/Au:N/C:N/I:P/A:N
Related Vulnerabilities