Bugzilla – Full Text Bug Listing
|Summary:||VUL-0: CVE-2004-0972: lvm: tmp file handling|
|Product:||[Novell Products] SUSE Security Incidents||Reporter:||Thomas Biege <thomas>|
|Component:||Incidents||Assignee:||Thomas Fehr <fehr>|
|Status:||RESOLVED FIXED||QA Contact:||Security Team bot <security-team>|
|Priority:||P3 - Medium||CC:||security-team|
|Whiteboard:||CVE-2004-0972: CVSS v2 Base Score: 2.1 (AV:L/AC:L/Au:N/C:N/I:P/A:N)|
|Found By:||---||Services Priority:|
|Marketing QA Status:||---||IT Deployment:||---|
Description Thomas Biege 2004-01-22 16:47:58 UTC
Comment 1 Thomas Biege 2004-01-22 16:47:58 UTC
Comment 2 Thomas Fehr 2004-01-22 17:27:35 UTC
If the user calls it.
Comment 3 Thomas Biege 2004-01-22 17:31:58 UTC
So, we need an update. I will attach the patchinfo files in the next few minutes.
Comment 4 Thomas Fehr 2004-01-22 17:39:00 UTC
You are aware that everybody who calls this script on a SuSE system will render his system unbootable anyway? This script is part of the regular LVM distribution and creates an initrd that is able to use LVM as root filesystem. I am almost completely sure that it will not work on a SuSE system. On SuSE, LVM as root works out of the box when configured by YaST2. The only reason I added this script is for people to look at it as an example if they want to create their own initrd for some special reason.
Comment 5 Thomas Biege 2004-01-22 17:42:03 UTC
If this script serves as an example, can you add a comment to it about the insecurity of the file creation for STABLE, please? If done, please close this entry.
Comment 6 Thomas Fehr 2004-01-22 17:57:34 UTC
The only lvm relevant on STABLE is lvm2 (which does not contain such a script at all). Probably plain old lvm is still present, but it will not be available on a distribution based on kernel 2.6, since lvm1 will never be ported to kernel 2.6 and lvm2 is able to read the on-disk information of old lvm. Anyway, I removed the script from the lvm package on STABLE; since YaST2/mk_initrd is able to create an initrd suitable for LVM root, it has lost its value anyway. People should better look into mk_initrd if they need to create a special initrd.
Comment 7 Thomas Biege 2004-01-22 18:03:55 UTC
Comment 8 Ludwig Nussel 2004-12-08 18:18:28 UTC
Comment 9 Thomas Biege 2009-10-13 19:55:08 UTC
CVE-2004-0972: CVSS v2 Base Score: 2.1 (AV:L/AC:L/Au:N/C:N/I:P/A:N)