Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 10 Mar 2014 15:46:04 +0530
From: Huzaifa Sidhpurwala <>
Subject: udisks and udisks2: stack-based buffer overflow when handling long
 path names

Hi All,

Florian Weimer of the Red Hat Product Security Team, found a flaw in
the way udisks and udisks2 handled long path names. A malicious, local
user could use this flaw to create a specially-crafted directory
structure that could lead to arbitrary code execution with the
privileges of the udisks daemon (root).

This issue has been assigned CVE-2014-0004.



Red Hat bugzilla:

Huzaifa Sidhpurwala / Red Hat Security Response Team

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ