Lucene search

K

Gentoo FoundationGLSA-201405-01

HistoryMay 02, 2014 - 12:00 a.m.

udisks: Arbitrary code execution

2014-05-0200:00:00

Gentoo Foundation

security.gentoo.org

9

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

EPSS

0

Percentile

5.1%

Background

udisks is an abstraction for enumerating block devices and performing operations on them.

Description

A stack-based buffer overflow can be triggered when udisks is given a long path name as a mount point.

Impact

A local attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All udisks 1.0 users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose "&gt;=sys-fs/udisks-1.0.5:0"

All udisks 2.0 users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose "&gt;=sys-fs/udisks-2.1.3"

OSVersionArchitecturePackageVersionFilename
Gentooanyallsys-fs/udisks< 2.1.3UNKNOWN

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

EPSS

0

Percentile

5.1%

Related for GLSA-201405-01

nessus16 openvas20 securityvulns2 slackware1 cvelist1 fedora4 debian1 centos1 prion1 debiancve1 seebug1 cve1 osv3 ubuntu1 ubuntucve1 veracode1 oraclelinux1 mageia1 redhat1 nvd1