Debian Security Advisory DSA 2872-1 (udisks - Several Vulnerabilities) Network Vulnerability

Summary

Florian Weimer discovered a buffer overflow in udisks's mount path parsing code which may result in privilege escalation.

Solution

For the oldstable distribution (squeeze), this problem has been fixed in version 1.0.1+git20100614-3squeeze1. For the stable distribution (wheezy), this problem has been fixed in version 1.0.4-7wheezy1. For the unstable distribution (sid), this problem has been fixed in version 1.0.5-1. We recommend that you upgrade your udisks packages.

Insight

udisks is an abstraction for enumerating block devices and performing operations on them. Any application can access the org.freedesktop.UDisks service on the system message bus. Some operations (such as formatting disks etc.) are restricted using PolicyKit.

Affected

udisks on Debian Linux

Detection

This check tests the installed software version using the apt package manager.

References

http://www.debian.org/security/2014/dsa-2872.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-0004

CVSS	Base Score: 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Debian Security Advisory DSA 2872-1 (udisks - several vulnerabilities)

Take action and discover your vulnerabilities