udev multiple security vulnerabilities
updated since 17.04.2009
Published: 19.04.2009
Source: BUGTRAQ
SecurityVulns ID: 9846
Type: local
Level: 6/10
Description: Privilege escalation with NETLINK messages, buffer overflow on path encoding.
Affected: UDEV: udev 0.125
CVE: CVE-2009-1186 (Buffer overflow in the util_path_encode function in udev/lib/libudev-util.c in udev before 1.4.1 allows local users to cause a denial of service (service outage) via vectors that trigger a call with crafted arguments.)
 CVE-2009-1185 (udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space.)
Original document: Kingcope Kingcope, [Full-disclosure] udev exploit (19.04.2009)
 DEBIAN, [SECURITY] [DSA 1772-1] New udev packages fix privilege escalation (17.04.2009)
Files: udev exploit
© SecurityVulns, 3APA3A, Vladimir Dubrovin