Versions of udev < 1.4.1 do not verify that netlink messages are coming from the kernel. This allows local users to gain privileges by sending netlink messages from userland.
a339530d415e4d147ac5e6556a603790385a27c54518e11e95069181161f0615Mandriva Linux Security Advisory 2009-103 - Security vulnerabilities have been identified and fixed in udev. udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space. Buffer overflow in the util_path_encode function in udev/lib/libudev-util.c in udev before 1.4.1 allows local users to cause a denial of service (service outage) via vectors that trigger a call with crafted arguments. The updated packages have been patched to prevent this. Packages for 2008.0 are being provided due to extended support for Corporate products.
38de169c54c1efda77134db6247a0bf49fc5eaef401aae8c03d5516972c6e537VMware Security Advisory - A vulnerability in the udev program did not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space. Sudo versions 1.6.9p17 through 1.6.9p19 do not properly interpret a system group in the sudoers file during authorization decisions for a user who belongs to that group, which might allow local users to leverage an applicable sudoers file and gain root privileges by using a sudo command. The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to trigger arbitrary requests to intranet servers, read or overwrite arbitrary files by using a redirect to a file: URL, or execute arbitrary commands by using a redirect to an scp: URL.
759e7d969ae9dbcf95da34e7d98cb345a45a4ba05ec0e0d5f59318f5305afec4Mandriva Linux Security Advisory 2009-104 - udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space. The updated packages have been patched to prevent this.
e2f778a58e68d599de2ba53ebd615a409c33dca8819654433751264c35a5952cMandriva Linux Security Advisory 2009-103 - Security vulnerabilities have been identified and fixed in udev. udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space. Buffer overflow in the util_path_encode function in udev/lib/libudev-util.c in udev before 1.4.1 allows local users to cause a denial of service (service outage) via vectors that trigger a call with crafted arguments. The updated packages have been patched to prevent this.
cd2e31bea17b5583908595fc2d863efea69dd947c8453e4883a76468d131c428Linux 2.6 kernel udev versions below 1.4.1 local privilege escalation exploit.
bd6992d84b7f36f4d79d12ce8930abcac49295702f6e9938849399ecc5ab82cdLocal root exploit for the Linux 2.6 kernel udev vulnerability.
6b8094daa99e89f9da003c640337c6af989fe36c0a203df09ffa80b2b8f27e6dGentoo Linux Security Advisory GLSA 200904-18 - Two errors in udev allow for a local root compromise and a Denial of Service. Versions less than 124-r2 are affected.
608a182c5963162b9243d3477b9b676352fe1dbdf134e9d1808ebc79866b19fbDebian Security Advisory 1772-1 - Sebastian Kramer discovered two vulnerabilities in udev, the /dev and hotplug management daemon.
ce2e8b55c9a2b21b04a8bdd7c9e64cc29f98349742be875d9a6eb64c1050de6eUbuntu Security Notice USN-758-1 - Sebastian Krahmer discovered that udev did not correctly validate netlink message senders. A local attacker could send specially crafted messages to udev in order to gain root privileges. Sebastian Krahmer discovered a buffer overflow in the path encoding routines in udev. A local attacker could exploit this to crash udev, leading to a denial of service.
403f65c16827af7fc2d3ec856ded0e4c8179780173a8be6bb4a0c8d2bb73a00b
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed