Computer Security
[EN] no-pyccku

udev multiple security vulnerabilities
updated since 17.04.2009
SecurityVulns ID:9846
Threat Level:
Description:Privilege escalation with NETLINK messages, buffer overflow on path encoding.
Affected:UDEV : udev 0.125
CVE:CVE-2009-1186 (Buffer overflow in the util_path_encode function in udev/lib/libudev-util.c in udev before 1.4.1 allows local users to cause a denial of service (service outage) via vectors that trigger a call with crafted arguments.)
 CVE-2009-1185 (udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space.)
Original documentdocumentKingcope Kingcope, [Full-disclosure] udev exploit (19.04.2009)
 documentDEBIAN, [SECURITY] [DSA 1772-1] New udev packages fix privilege escalation (17.04.2009)
Files:udev exploit

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod