Re: CVE Request: DeviceKit privilege escalation via pluggable storage device labels

[Josh Bressers <bressers () redhat com>]

----- "Vincent Danen" <vdanen () redhat com> wrote:

> This is quite old, but I don't think a CVE name has ever been assigned to
> it.  The issue is with how DeviceKit handled labels for pluggable storage
> devices.  A local unprivileged user could use this flaw to elevate
> privileges.  It has been corrected upstream.
>
> References:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=523178
> http://cgit.freedesktop.org/DeviceKit/DeviceKit-disks/commit/?id=62f883c7d38e75d0669c162529062a1e81d00da2
> http://bugs.freedesktop.org/show_bug.cgi?id=23235

Please use CVE-2010-0746

Thanks

-- 
    JB