• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Trustix LVM Utilities Unspecified Insecure Temporary File Creation Vulnerability

Solution:
Trustix Linux has released an advisory (TSL-2004-0050) along with fixes dealing with this issue. Please see the referenced advisory for more information.

Ubuntu has released an advisory (USN-15-1) to address this issue. Please see the referenced advisory for more information.

Debian has released advisory DSA 583-1 to address this issue. Please see the attached advisory for further details on obtaining and applying fixes.

Gentoo Linux has released advisory GLSA 200411-22 to address this issue. Users of affected packages are urged to execute the following commands with superuser privileges:
emerge --sync
emerge --ask --oneshot --verbose ">=sys-fs/lvm-user-1.0.7-r2"
Please see the referenced advisory for further information.

MandrakeSoft has issued an advisory (MDKSA-2004:144) along with patched upgrades. Please see the referenced advisory for more information.

Fedora Legacy has released security advisory FLSA:152842 addressing this issue for RedHat Linux 7.3 and 9, and for Fedora Core 1. Please see the referenced advisory for details on obtaining and applying the appropriate updates.


LVM Logical Volume Management Utilities 1.0.1

• Mandrake lvm-1.0.1-2.1.C21mdk.i586.rpm
  Mandrake Corporate Server 2.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake lvm-1.0.1-2.1.C21mdk.x86_64.rpm
  Mandrake Corporate Server 2.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php

LVM Logical Volume Management Utilities 1.0.4

• Debian lvm10_1.0.4-5woody2_alpha.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/l/lvm10/lvm10_1.0.4-5wood y2_alpha.deb


• Debian lvm10_1.0.4-5woody2_arm.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/l/lvm10/lvm10_1.0.4-5wood y2_arm.deb


• Debian lvm10_1.0.4-5woody2_hppa.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/l/lvm10/lvm10_1.0.4-5wood y2_hppa.deb


• Debian lvm10_1.0.4-5woody2_i386.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/l/lvm10/lvm10_1.0.4-5wood y2_i386.deb


• Debian lvm10_1.0.4-5woody2_ia64.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/l/lvm10/lvm10_1.0.4-5wood y2_ia64.deb


• Debian lvm10_1.0.4-5woody2_m68k.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/l/lvm10/lvm10_1.0.4-5wood y2_m68k.deb


• Debian lvm10_1.0.4-5woody2_mips.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/l/lvm10/lvm10_1.0.4-5wood y2_mips.deb


• Debian lvm10_1.0.4-5woody2_mipsel.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/l/lvm10/lvm10_1.0.4-5wood y2_mipsel.deb


• Debian lvm10_1.0.4-5woody2_powerpc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/l/lvm10/lvm10_1.0.4-5wood y2_powerpc.deb


• Debian lvm10_1.0.4-5woody2_s390.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/l/lvm10/lvm10_1.0.4-5wood y2_s390.deb


• Debian lvm10_1.0.4-5woody2_sparc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/l/lvm10/lvm10_1.0.4-5wood y2_sparc.deb

LVM Logical Volume Management Utilities 1.0.7

• Mandrake lvm-1.0.7-2.1.92mdk.amd64.rpm
  Mandrake Linux 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake lvm-1.0.7-2.1.92mdk.i586.rpm
  Mandrake Linux 9.2
  http://www.mandrakesecure.net/en/ftp.php


• Trustix lvm-1.0.7-6tr.i586.rpm
  Trustix Secure Linux 2.0
  ftp://ftp.trustix.org/pub/trustix/updates/


• Trustix lvm-1.0.8-5tr.i586.rpm
  Trustix Secure Linux 2.1 & Enterprise Server 2
  ftp://ftp.trustix.org/pub/trustix/updates/


• Trustix lvm-devel-1.0.7-6tr.i586.rpm
  Trustix Secure Linux 2.0
  ftp://ftp.trustix.org/pub/trustix/updates/


• Trustix lvm-devel-1.0.8-5tr.i586.rpm
  Trustix Secure Linux 2.1 & Enterprise Server 2
  ftp://ftp.trustix.org/pub/trustix/updates/

LVM Logical Volume Management Utilities 1.0.8

• Mandrake lvm1-1.0.8-3.1.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake lvm1-1.0.8-3.1.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake lvm1-1.0.8-3.1.101mdk.i586.rpm
  Mandrake Linux 10.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake lvm1-1.0.8-3.1.101mdk.x86_64.rpm
  Mandrake Linux 10.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php


• Ubuntu lvm10-udeb_1.0.8-4ubuntu1.1_amd64.udeb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/l/lvm10/lvm10-udeb_1.0.8-4 ubuntu1.1_amd64.udeb


• Ubuntu lvm10-udeb_1.0.8-4ubuntu1.1_i386.udeb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/l/lvm10/lvm10-udeb_1.0.8-4 ubuntu1.1_i386.udeb


• Ubuntu lvm10-udeb_1.0.8-4ubuntu1.1_powerpc.udeb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/l/lvm10/lvm10-udeb_1.0.8-4 ubuntu1.1_powerpc.udeb


• Ubuntu lvm10_1.0.8-4ubuntu1.1_amd64.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/l/lvm10/lvm10_1.0.8-4ubunt u1.1_amd64.deb


• Ubuntu lvm10_1.0.8-4ubuntu1.1_i386.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/l/lvm10/lvm10_1.0.8-4ubunt u1.1_i386.deb


• Ubuntu lvm10_1.0.8-4ubuntu1.1_powerpc.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/l/lvm10/lvm10_1.0.8-4ubunt u1.1_powerpc.deb