Computer Security


udev multiple security vulnerabilities
updated since 17.04.2009
Published: 19.04.2009
Source:
SecurityVulns ID: 9846
Type: local
Threat Level: 6/10
Description: Privilege escalation with NETLINK messages, buffer overflow on path encoding.
Affected: UDEV : udev 0.125
CVE: CVE-2009-1186 (Buffer overflow in the util_path_encode function in udev/lib/libudev-util.c in udev before 1.4.1 allows local users to cause a denial of service (service outage) via vectors that trigger a call with crafted arguments.)
 CVE-2009-1185 (udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space.)
Original document: Kingcope Kingcope, [Full-disclosure] udev exploit (19.04.2009)
 DEBIAN, [SECURITY] [DSA 1772-1] New udev packages fix privilege escalation (17.04.2009)
Files: udev exploit

JBoss directory traversal
Published: 19.04.2009
Source:
SecurityVulns ID: 9857
Type: remote
Threat Level: 5/10
Description: Directory traversal in echo/Echo
Affected: JBOSS : JBoss Application Server 5.0
Original document: failer, Jboss dir.traversal (19.04.2009)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod