CVE-2010-2526

The cluster logical volume manager daemon (clvmd) in lvm2-cluster in LVM2 before 2.02.72, as used in Red Hat Global File System (GFS) and other products, does not verify client credentials upon a socket connection, which allows local users to cause a denial of service (daemon exit or logical-volume change) or possibly have unspecified other impact via crafted control commands.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.6 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:P/I:P/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 26%
VendorProductVersion
heinz_mauelshagenlvm2
𝑥
≤ 2.02.71
heinz_mauelshagenlvm2
2.02.50
heinz_mauelshagenlvm2
2.02.51
heinz_mauelshagenlvm2
2.02.52
heinz_mauelshagenlvm2
2.02.53
heinz_mauelshagenlvm2
2.02.54
heinz_mauelshagenlvm2
2.02.55
heinz_mauelshagenlvm2
2.02.56
heinz_mauelshagenlvm2
2.02.57
heinz_mauelshagenlvm2
2.02.58
heinz_mauelshagenlvm2
2.02.59
heinz_mauelshagenlvm2
2.02.60
heinz_mauelshagenlvm2
2.02.61
heinz_mauelshagenlvm2
2.02.62
heinz_mauelshagenlvm2
2.02.63
heinz_mauelshagenlvm2
2.02.64
heinz_mauelshagenlvm2
2.02.65
heinz_mauelshagenlvm2
2.02.66
heinz_mauelshagenlvm2
2.02.67
heinz_mauelshagenlvm2
2.02.68
heinz_mauelshagenlvm2
2.02.69
heinz_mauelshagenlvm2
2.02.70
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
lvm2
bullseye
2.03.11-2.1
fixed
bookworm
2.03.16-2
fixed
trixie
2.03.22-1
fixed
sid
2.03.27-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
lvm2
lucid
Fixed 2.02.54-1ubuntu4.1
released
karmic
Fixed 2.02.39-0ubuntu11.1
released
jaunty
Fixed 2.02.39-0ubuntu9.1
released
hardy
Fixed 2.02.26-1ubuntu9.1
released
dapper
Fixed 2.02.02-1ubuntu1.6
released
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
http://secunia.com/advisories/40759
http://securitytracker.com/id?1024258
http://www.osvdb.org/66753
http://www.ubuntu.com/usn/USN-1001-1
http://www.vupen.com/english/advisories/2010/1944
https://bugzilla.redhat.com/show_bug.cgi?id=614248
https://exchange.xforce.ibmcloud.com/vulnerabilities/60809
https://rhn.redhat.com/errata/RHSA-2010-0567.html
https://rhn.redhat.com/errata/RHSA-2010-0568.html
https://www.redhat.com/archives/linux-lvm/2010-July/msg00083.html
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
http://secunia.com/advisories/40759
http://securitytracker.com/id?1024258
http://www.osvdb.org/66753
http://www.ubuntu.com/usn/USN-1001-1
http://www.vupen.com/english/advisories/2010/1944
https://bugzilla.redhat.com/show_bug.cgi?id=614248
https://exchange.xforce.ibmcloud.com/vulnerabilities/60809
https://rhn.redhat.com/errata/RHSA-2010-0567.html
https://rhn.redhat.com/errata/RHSA-2010-0568.html
https://www.redhat.com/archives/linux-lvm/2010-July/msg00083.html