oss-sec mailing list archives

CVE Request: DeviceKit privilege escalation via pluggable storage device labels

From: Vincent Danen <vdanen () redhat com>
Date: Wed, 10 Mar 2010 12:11:07 -0700

This is quite old, but I don't think a CVE name has ever been assigned
to it.  The issue is with how DeviceKit handled labels for pluggable
storage devices.  A local unprivileged user could use this flaw to
elevate privileges.  It has been corrected upstream.

References:

https://bugzilla.redhat.com/show_bug.cgi?id=523178
http://cgit.freedesktop.org/DeviceKit/DeviceKit-disks/commit/?id=62f883c7d38e75d0669c162529062a1e81d00da2
http://bugs.freedesktop.org/show_bug.cgi?id=23235

Thanks.

--

Vincent Danen / Red Hat Security Response Team

Current thread:

CVE Request: DeviceKit privilege escalation via pluggable storage device labels Vincent Danen (Mar 10)