Debian Security Advisory DSA 583-1 (lvm10) Network Vulnerability

Summary

The remote host is missing an update to lvm10 announced via advisory DSA 583-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20583-1

Insight

Trustix developers discovered insecure temporary file creation in a supplemental script in the lvm10 package that didn't check for existing temporary directories, allowing local users to overwrite files via a symlink attack. For the stable distribution (woody) this problem has been fixed in version 1.0.4-5woody2. For the unstable distribution (sid) this problem will be fixed soon. We recommend that you upgrade your lvm10 package.

Severity

Classification

CVE CVE-2004-0972

CVSS	Base Score: 2.1 AV:L/AC:L/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Debian Security Advisory DSA 2831-1 (puppet - insecure temporary files)
Debian Security Advisory DSA 1531-1 (policyd-weight)
Debian Security Advisory DSA 2590-1 (wireshark - several vulnerabilities)
Debian Security Advisory DSA 2752-1 (phpbb3 - permissions too wide)
Debian Security Advisory DSA 2594-1 (virtualbox-ose - programming error)

Take action and discover your vulnerabilities