Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: CVE Request: DeviceKit privilege escalation via pluggable storage device labels
From: Josh Bressers <bressers () redhat com>
Date: Thu, 1 Apr 2010 11:56:39 -0400 (EDT)


----- "Vincent Danen" <vdanen () redhat com> wrote:

This is quite old, but I don't think a CVE name has ever been assigned to
it.  The issue is with how DeviceKit handled labels for pluggable storage
devices.  A local unprivileged user could use this flaw to elevate
privileges.  It has been corrected upstream.

References:

https://bugzilla.redhat.com/show_bug.cgi?id=523178
http://cgit.freedesktop.org/DeviceKit/DeviceKit-disks/commit/?id=62f883c7d38e75d0669c162529062a1e81d00da2
http://bugs.freedesktop.org/show_bug.cgi?id=23235


Please use CVE-2010-0746

Thanks

-- 
    JB


  By Date           By Thread  

Current thread:
  • Re: CVE Request: DeviceKit privilege escalation via pluggable storage device labels Josh Bressers (Apr 01)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]