Bug 49082 - (CVE-2004-0972) VUL-0: CVE-2004-0972: lvm: tmp file handling
(CVE-2004-0972)
VUL-0: CVE-2004-0972: lvm: tmp file handling
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
All Linux
: P3 - Medium : Normal
: ---
Assigned To: Thomas Fehr
Security Team bot
CVE-2004-0972: CVSS v2 Base Score: 2....
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2004-01-22 16:47 UTC by Thomas Biege
Modified: 2021-10-04 08:29 UTC (History)
1 user (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Thomas Biege 2004-01-22 16:47:58 UTC
Hi,  
a customer reported a security problem with a shell script. 
 
/sbin/lvmcreate_initrd 
[...] 
DEVRAM=/tmp/initrd.$$ 
[...] 
verbose "using $DEVRAM as a temporary loopback file" 
#thx for that info 
dd if=/dev/zero of=$DEVRAM count=$INITRDSIZE bs=1024 
> /dev/null 2>&1 
[...] 
 
 
How/when is this script used?
Comment 1 Thomas Biege 2004-01-22 16:47:58 UTC
<!-- SBZ_reproduce  -->
-
Comment 2 Thomas Fehr 2004-01-22 17:27:35 UTC
If the user calls it.
Comment 3 Thomas Biege 2004-01-22 17:31:58 UTC
So, we need an update. I will attach the patchinfo files in the next few 
minutes. 
Comment 4 Thomas Fehr 2004-01-22 17:39:00 UTC
You are aware that everybody that call this script on a SuSE system, will
render his system unbootable anyway? This script is part of regular LVM 
distribution and creates a initrd that is able to use LVM as root filesystem.
I am almost completely sure that it will not work on a SuSE system.
On SuSE LVM as root works out of the box when configured by YaST2. The only 
reason I added this script is for people to look at it as an example if they
want to create their own initrd for some special reason.
Comment 5 Thomas Biege 2004-01-22 17:42:03 UTC
If this script serves as an example can you add a comment to it 
about the insecurity of the file creation for STABLE please. 
 
If done, please close this entry. 
Comment 6 Thomas Fehr 2004-01-22 17:57:34 UTC
The only lvm relevant on STABLE is lvm2 (which does not contain such 
a script at all). Probably plain old lvm is still present but it will not be
available on a distribution based on kernel 2.6 since lvm1 will never be ported
to kernel 2.6 and lvm2 is able to read the on-disk information of old lvm.

Anyway I removed the script from lvm package on STABLE, since YaST2/mk_initrd 
is able to create a initrd suitable for LVM root it has lost its value anyway.
People should better look into mk_initrd if they need to create a special
initrd.
Comment 7 Thomas Biege 2004-01-22 18:03:55 UTC
Thank you! 
Comment 8 Ludwig Nussel 2004-12-08 18:18:28 UTC
CAN-2004-0972 
Comment 9 Thomas Biege 2009-10-13 19:55:08 UTC
CVE-2004-0972: CVSS v2 Base Score: 2.1 (AV:L/AC:L/Au:N/C:N/I:P/A:N)