Bug 49082 (CVE-2004-0972)

Summary: VUL-0: CVE-2004-0972: lvm: tmp file handling
Product: [Novell Products] SUSE Security Incidents
Reporter: Thomas Biege <thomas>
Component: Incidents
Assignee: Thomas Fehr <fehr>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P3 - Medium
CC: security-team
Version: unspecified   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: CVE-2004-0972: CVSS v2 Base Score: 2.1 (AV:L/AC:L/Au:N/C:N/I:P/A:N)
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Thomas Biege 2004-01-22 16:47:58 UTC
Hi,  
a customer reported a security problem with a shell script. 
 
/sbin/lvmcreate_initrd 
[...] 
DEVRAM=/tmp/initrd.$$ 
[...] 
verbose "using $DEVRAM as a temporary loopback file" 
#thx for that info 
dd if=/dev/zero of=$DEVRAM count=$INITRDSIZE bs=1024 > /dev/null 2>&1
[...] 
 
 
How/when is this script used?
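
Added example, not part of the bug report or the LVM package: the `/tmp/initrd.$$` pattern quoted in the description beside a `mktemp`-based form, exercised in a private scratch directory. The function names, `INITRDSIZE=4` and the PID value 4242 are constructed for the demonstration.

```shell
#!/bin/sh
# Added example with constructed values; not the lvmcreate_initrd source.
INITRDSIZE=4   # image size in KiB (sample value)

# Pattern from the report: the name depends only on the PID, and dd's of=
# opens whatever already exists at that path, following symlinks.
unsafe_devram() {   # $1 = directory standing in for /tmp, $2 = PID
    f="$1/initrd.$2"
    dd if=/dev/zero of="$f" count="$INITRDSIZE" bs=1024 >/dev/null 2>&1
    printf '%s\n' "$f"
}

# Hardened form: mktemp chooses an unpredictable name and creates the file
# exclusively (O_EXCL, mode 0600), so an existing entry is never reused.
safe_devram() {     # $1 = directory
    f=$(mktemp "$1/initrd.XXXXXXXXXX") || return 1
    # conv=notrunc: fill the file mktemp created instead of re-creating it.
    dd if=/dev/zero of="$f" count="$INITRDSIZE" bs=1024 conv=notrunc \
        >/dev/null 2>&1 || { rm -f "$f"; return 1; }
    printf '%s\n' "$f"
}

# Show both behaviours when the PID-based name already exists as a symlink.
demo() {
    scratch=$(mktemp -d) || return 1
    printf 'keep me\n' > "$scratch/important"
    ln -s "$scratch/important" "$scratch/initrd.4242"   # name already taken
    unsafe_devram "$scratch" 4242 >/dev/null
    echo "unsafe: important is now $(wc -c < "$scratch/important") bytes of zeros"
    printf 'keep me\n' > "$scratch/important"
    new=$(safe_devram "$scratch") || return 1
    echo "safe:   important still reads '$(cat "$scratch/important")'; image at $new"
    rm -rf "$scratch"
}
demo
```
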
Comment 1 Thomas Biege 2004-01-22 16:47:58 UTC
Comment 2 Thomas Fehr 2004-01-22 17:27:35 UTC
If the user calls it.
Comment 3 Thomas Biege 2004-01-22 17:31:58 UTC
So, we need an update. I will attach the patchinfo files in the next few 
minutes. 
Comment 4 Thomas Fehr 2004-01-22 17:39:00 UTC
You are aware that everybody who calls this script on a SuSE system will
render his system unbootable anyway? This script is part of the regular LVM
distribution and creates an initrd that is able to use LVM as root filesystem.
I am almost completely sure that it will not work on a SuSE system.
On SuSE LVM as root works out of the box when configured by YaST2. The only 
reason I added this script is for people to look at it as an example if they
want to create their own initrd for some special reason.
Comment 5 Thomas Biege 2004-01-22 17:42:03 UTC
If this script serves as an example can you add a comment to it 
about the insecurity of the file creation for STABLE please. 
 
If done, please close this entry. 
Comment 6 Thomas Fehr 2004-01-22 17:57:34 UTC
The only lvm relevant on STABLE is lvm2 (which does not contain such 
a script at all). Probably plain old lvm is still present but it will not be
available on a distribution based on kernel 2.6 since lvm1 will never be ported
to kernel 2.6 and lvm2 is able to read the on-disk information of old lvm.

Anyway, I removed the script from the lvm package on STABLE; since YaST2/mk_initrd
is able to create an initrd suitable for LVM root, it has lost its value anyway.
People should better look into mk_initrd if they need to create a special
initrd.
Comment 7 Thomas Biege 2004-01-22 18:03:55 UTC
Thank you! 
Comment 8 Ludwig Nussel 2004-12-08 18:18:28 UTC
CAN-2004-0972 
Comment 9 Thomas Biege 2009-10-13 19:55:08 UTC
CVE-2004-0972: CVSS v2 Base Score: 2.1 (AV:L/AC:L/Au:N/C:N/I:P/A:N)