Public Date:
614248: CVE-2010-2526 lvm2-cluster: insecurity when communicating between lvm2 and clvmd

The MITRE CVE dictionary describes this issue as:

The cluster logical volume manager daemon (clvmd) in lvm2-cluster in LVM2 before 2.02.72, as used in Red Hat Global File System (GFS) and other products, does not verify client credentials upon a socket connection, which allows local users to cause a denial of service (daemon exit or logical-volume change) or possibly have unspecified other impact via crafted control commands.

Find out more about CVE-2010-2526 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v2 metrics

Base Score 4.8
Base Metrics AV:A/AC:L/Au:N/C:N/I:P/A:P
Access Vector Adjacent Network
Access Complexity Low
Authentication None
Confidentiality Impact None
Integrity Impact Partial
Availability Impact Partial

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform Errata Release Date
Red Hat Global File System 4AS (lvm2-cluster) RHSA-2010:0568 2010-07-28
Red Hat Enterprise Linux Cluster-Storage (v. 5 server) (lvm2-cluster) RHSA-2010:0567 2010-07-28

Affected Packages State

Platform Package State
Red Hat Enterprise Linux 6 lvm2 Will not fix
Red Hat Enterprise Linux 5 lvm2-cluster Will not fix
Red Hat Cluster Suite 4AS lvm2-cluster Will not fix
Last Modified

CVE description copyright © 2017, The MITRE Corporation