The cluster logical volume manager daemon (clvmd) in lvm2-cluster in LVM2 before 2.02.72, as used in Red Hat Global File System (GFS) and other products, does not verify client credentials upon a socket connection, which allows local users to cause a denial of service (daemon exit or logical-volume change) or possibly have unspecified other impact via crafted control commands.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| heinz_mauelshagen | lvm2 | 2.02.53 |
| heinz_mauelshagen | lvm2 | 2.02.66 |
| heinz_mauelshagen | lvm2 | * |
| heinz_mauelshagen | lvm2 | 2.02.67 |
| heinz_mauelshagen | lvm2 | 2.02.69 |
| heinz_mauelshagen | lvm2 | 2.02.57 |
| heinz_mauelshagen | lvm2 | 2.02.61 |
| heinz_mauelshagen | lvm2 | 2.02.58 |
| heinz_mauelshagen | lvm2 | 2.02.51 |
| heinz_mauelshagen | lvm2 | 2.02.62 |
| heinz_mauelshagen | lvm2 | 2.02.70 |
| heinz_mauelshagen | lvm2 | 2.02.55 |
| heinz_mauelshagen | lvm2 | 2.02.52 |
| heinz_mauelshagen | lvm2 | 2.02.64 |
| heinz_mauelshagen | lvm2 | 2.02.54 |
| heinz_mauelshagen | lvm2 | 2.02.59 |
| heinz_mauelshagen | lvm2 | 2.02.50 |
| heinz_mauelshagen | lvm2 | 2.02.60 |
| heinz_mauelshagen | lvm2 | 2.02.65 |
| heinz_mauelshagen | lvm2 | 2.02.56 |
| heinz_mauelshagen | lvm2 | 2.02.63 |
| heinz_mauelshagen | lvm2 | 2.02.68 |