User: Password:
Subscribe / Log in / New account

lvm10: creates insecure temporary directory

Package(s):lvm10 CVE #(s):CAN-2004-0972
Created:November 1, 2004 Updated:July 25, 2005
Description: Trustix Secure Linux discovered a vulnerability in a supplemental script of the lvm10 package. The program "lvmcreate_initrd" created a temporary directory in an insecure way, which could allow a symlink attack to create or overwrite arbitrary files with the privileges of the user invoking the program.
Fedora-Legacy FLSA:152842 lvm 2005-07-24
Mandrake MDKSA-2004:144 lvm 2004-12-06
Gentoo 200411-22 davfs2 2004-11-11
Debian DSA-583-1 lvm10 2004-11-03
Ubuntu USN-15-1 lvm10 2004-11-01

(Log in to post comments)

Copyright © 2018, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds