oss-sec mailing list archives
Re: CVE Request: DeviceKit privilege escalation via pluggable storage device labels
From: Josh Bressers <bressers () redhat com>
Date: Thu, 1 Apr 2010 11:56:39 -0400 (EDT)
----- "Vincent Danen" <vdanen () redhat com> wrote:
This is quite old, but I don't think a CVE name has ever been assigned to it. The issue is with how DeviceKit handled labels for pluggable storage devices. A local unprivileged user could use this flaw to elevate privileges. It has been corrected upstream. References: https://bugzilla.redhat.com/show_bug.cgi?id=523178 http://cgit.freedesktop.org/DeviceKit/DeviceKit-disks/commit/?id=62f883c7d38e75d0669c162529062a1e81d00da2 http://bugs.freedesktop.org/show_bug.cgi?id=23235
Please use CVE-2010-0746 Thanks -- JB
Current thread:
- Re: CVE Request: DeviceKit privilege escalation via pluggable storage device labels Josh Bressers (Apr 01)