oss-sec mailing list archives
Re: Physical access vulnerabilities and auto-mounting
From: Vincent Danen <vdanen () redhat com>
Date: Wed, 23 Feb 2011 10:41:35 -0700
* [2011-02-23 08:33:48 +0100] Sebastian Krahmer wrote:
Unfortunately I think nobody would care. As nobody cared that you actually do not need physical access. Via udisks DBUS service you can load any LKM via

    dbus-send --system --print-reply --dest=org.freedesktop.UDisks \
        /org/freedesktop/UDisks/devices/sr0 \
        org.freedesktop.UDisks.Device.FilesystemMount \
        string:'LKM' array:string:''

I reported that several months ago to upstream but it was frozen to more or less a non-issue. Indeed nobody agreed that this is an issue to fix.

Please use CVE-2010-4661 for this udisks flaw.

Some additional references:

https://bugs.freedesktop.org/show_bug.cgi?id=32232
https://bugzilla.redhat.com/show_bug.cgi?id=664082

--
Vincent Danen / Red Hat Security Response Team