Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0972

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2004-0972
Last Modified 21 Aug 2010 12:21:34
Published 09 Feb 2005 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2004-0972

Summary

The lvmcreate_initrd script in the lvm package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.

Vulnerable Systems

Operating System

  • Gentoo Linux

Application

  • Lvm Logical Volume Management Utilities 1.0.1

  • Lvm Logical Volume Management Utilities 1.0.4

  • Lvm Logical Volume Management Utilities 1.0.7

  • Lvm Logical Volume Management Utilities 1.0.8


References

TRUSTIX - 2004-0050

BID - 11290

XF - script-temporary-file-overwrite(17583)

CONFIRM - http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136308

REDHAT - RHBA-2004:232


Last Updated: 27 May 2016 10:38:50