Date: Wed, 10 Mar 2010 12:11:07 -0700
From: Vincent Danen <vdanen@...hat.com>
To: oss-security@...ts.openwall.com
Cc: "Steven M. Christey" <coley@...us.mitre.org>
Subject: CVE Request: DeviceKit privilege escalation via pluggable storage device labels

This is quite old, but I don't think a CVE name has ever been assigned to it.

The issue is with how DeviceKit handled labels for pluggable storage devices. A local unprivileged user could use this flaw to elevate privileges. It has been corrected upstream.

References:

https://bugzilla.redhat.com/show_bug.cgi?id=523178
http://cgit.freedesktop.org/DeviceKit/DeviceKit-disks/commit/?id=62f883c7d38e75d0669c162529062a1e81d00da2
http://bugs.freedesktop.org/show_bug.cgi?id=23235

Thanks.

--
Vincent Danen / Red Hat Security Response Team