Date: Mon, 10 Mar 2014 15:46:04 +0530
From: Huzaifa Sidhpurwala <huzaifas@...hat.com>
To: oss-security@...ts.openwall.com
Subject: udisks and udisks2: stack-based buffer overflow when handling long path names

Hi All,

Florian Weimer of the Red Hat Product Security Team found a flaw in the way udisks and udisks2 handled long path names. A malicious, local user could use this flaw to create a specially-crafted directory structure that could lead to arbitrary code execution with the privileges of the udisks daemon (root).

This issue has been assigned CVE-2014-0004.

References:
http://lists.freedesktop.org/archives/devkit-devel/2014-March/001568.html

Patches:
http://cgit.freedesktop.org/udisks/commit/?h=udisks1&id=ebf61ed8471
http://cgit.freedesktop.org/udisks/commit/?id=244967

Red Hat bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=1049703

--
Huzaifa Sidhpurwala / Red Hat Security Response Team