| PROBLEM: | A vulnerability in the LVM package was found where the existence of temporary files was not being checked. |
| PLATFORM: | Debian GNU/Linux 3.0 (woody) - lvm10 package |
| DAMAGE: | Local users can overwrite files using a symlink attack with the possibility of gaining escalated privileges. |
| SOLUTION: | Upgrade your lvm10 package. |
| VULNERABILITY ASSESSMENT: | The risk is LOW. It is expected that LVM administrators are highly trusted and competent users. Only a local user can exploit this vulnerability. |
| LINKS: | |
| CIAC BULLETIN: | http://www.ciac.org/ciac/bulletins/p-030.shtml |
| ORIGINAL BULLETIN: | http://www.debian.org/security/2004/dsa-583 |
| CVE/CAN: | http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0972 |
[***** Start Debian Security Advisory: DSA 583-1 *****]

Debian Security Advisory DSA-583-1
lvm10 -- insecure temporary directory

Date Reported: 03 Nov 2004
Affected Packages: lvm10
Vulnerable: Yes
Security database references:
  In the Debian bugtracking system: Bug 279229.
  In Mitre's CVE dictionary: CAN-2004-0972.

More information:
Trustix developers discovered insecure temporary file creation in a supplemental script in the lvm10 package that didn't check for existing temporary directories, allowing local users to overwrite files via a symlink attack.

For the stable distribution (woody) this problem has been fixed in version 1.0.4-5woody2.
For the unstable distribution (sid) this problem has been fixed in version 1.0.8-8.

We recommend that you upgrade your lvm10 package.

Fixed in: Debian GNU/Linux 3.0 (woody)

Source:
  http://security.debian.org/pool/updates/main/l/lvm10/lvm10_1.0.4-5woody2.dsc
  http://security.debian.org/pool/updates/main/l/lvm10/lvm10_1.0.4-5woody2.diff.gz
  http://security.debian.org/pool/updates/main/l/lvm10/lvm10_1.0.4.orig.tar.gz
Alpha:
  http://security.debian.org/pool/updates/main/l/lvm10/lvm10_1.0.4-5woody2_alpha.deb
ARM:
  http://security.debian.org/pool/updates/main/l/lvm10/lvm10_1.0.4-5woody2_arm.deb
Intel IA-32:
  http://security.debian.org/pool/updates/main/l/lvm10/lvm10_1.0.4-5woody2_i386.deb
Intel IA-64:
  http://security.debian.org/pool/updates/main/l/lvm10/lvm10_1.0.4-5woody2_ia64.deb
HPPA:
  http://security.debian.org/pool/updates/main/l/lvm10/lvm10_1.0.4-5woody2_hppa.deb
Motorola 680x0:
  http://security.debian.org/pool/updates/main/l/lvm10/lvm10_1.0.4-5woody2_m68k.deb
Big endian MIPS:
  http://security.debian.org/pool/updates/main/l/lvm10/lvm10_1.0.4-5woody2_mips.deb
Little endian MIPS:
  http://security.debian.org/pool/updates/main/l/lvm10/lvm10_1.0.4-5woody2_mipsel.deb
PowerPC:
  http://security.debian.org/pool/updates/main/l/lvm10/lvm10_1.0.4-5woody2_powerpc.deb
IBM S/390:
  http://security.debian.org/pool/updates/main/l/lvm10/lvm10_1.0.4-5woody2_s390.deb
Sun Sparc:
  http://security.debian.org/pool/updates/main/l/lvm10/lvm10_1.0.4-5woody2_sparc.deb

MD5 checksums of the listed files are available in the original advisory.

Last Modified: Wed, Nov 3 18:42:23 UTC 2004

[***** End Debian Security Advisory: DSA 583-1 *****]
Voice: +1 866-941-2472 (7 x 24)
E-mail: doecirc@doecirc.energy.gov
World Wide Web: http://www.doecirc.energy.gov/