Lucene search
UbuntuUSN-15-1HistoryNov 02, 2004 - 12:00 a.m.
lvm10 vulnerability
2004-11-0200:00:00
ubuntu.com
45
CVSS2
2.1
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:N/I:P/A:N
AI Score
6.3
Confidence
Low
EPSS
0
Percentile
5.1%
Releases
- Ubuntu 4.10
Details
Recently, Trustix Secure Linux discovered a vulnerability in a
supplemental script of the lvm10 package. The program
“lvmcreate_initrd” created a temporary directory in an insecure way,
which could allow a symlink attack to create or overwrite arbitrary
files with the privileges of the user invoking the program.
References
Related
gentoo
gentoo
Davfs2, lvm-user: Insecure tempfile handling
2004-11-11 00:00:00
securityvulns
securityvulns
[USN-15-1] lvm10 vulnerability
2004-11-03 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200411-22 (davfs2)
2008-09-24 00:00:00
Debian: Security Advisory (DSA-583-1)
2008-01-17 00:00:00
Debian Security Advisory DSA 583-1 (lvm10)
2008-01-17 00:00:00
debian
debian
[SECURITY] [DSA 583-1] New lvm10 packages fix insecure temporary directory
2004-11-03 08:29:57
[SECURITY] [DSA 583-1] New lvm10 packages fix insecure temporary directory
2004-11-03 08:29:57
nessus
nessus
GLSA-200411-22 : Davfs2, lvm-user: Insecure tempfile handling
2004-11-16 00:00:00
Debian DSA-583-1 : lvm10 - insecure temporary directory
2004-11-10 00:00:00
Mandrake Linux Security Advisory : lvm (MDKSA-2004:144)
2004-12-07 00:00:00
ubuntucve
ubuntucve
CVE-2004-0972
2005-02-09 00:00:00
osv
osv
lvm10 - insecure temporary directory
2004-11-03 00:00:00
cvelist
cvelist
CVE-2004-0972
2004-10-20 04:00:00
cve
cve
CVE-2004-0972
2005-02-09 05:00:00
nvd
nvd
CVE-2004-0972
2005-02-09 05:00:00
CVSS2
2.1
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:N/I:P/A:N
AI Score
6.3
Confidence
Low
EPSS
0
Percentile
5.1%
Related for USN-15-1