Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Fedora: 2009-3711 High Severity udev Flaw Allows Root Access and DoS

fedora
Calendar Grey April 16, 2009
Dist Fedora Esm H88
A patch for Fedora has been released that tackles several vulnerabilities in udev, mitigating the potential threats associated with unauthorized root permissions and service interruptions.
udev provides a user-space API and implements a dynamic device directory, providing only the devices present on the system

Summary

The udev package contains an implementation of devfs in

userspace using sysfs and netlink.

Update Information:

udev provides a user-space API and implements a dynamic device directory, providing only the devices present on the system. udev replaces devfs in order to provide greater hot plug functionality. Netlink is a datagram oriented service, used to transfer information between kernel modules and user-space processes. It was discovered that udev did not properly check the origin of Netlink messages. A local attacker could use this flaw to gain root privileges via a crafted Netlink message sent to udev, causing it to create a world- writable block device file for an existing system block device (for example, the root file system). (CVE-2009-1185) An integer overflow flaw, potentially leading to heap-based buffer overflow was found in one of the utilities providing functionality of the udev device information interface. An attacker could use this flaw to cause a denial of service, or possibly, to execute arbitrary code by providing a specially-crafted arguments as input to this utilit...

Topics%20covered

Topics Covered

security advisory buffer overflow critical Fedora DoS root access udev

Change Log

* Thu Apr 16 2009 Harald Hoyer 127-5 - fix for CVE-2009-1186 * Wed Apr 15 2009 Harald Hoyer 127-4 - fix for CVE-2009-1185

References


[ 1 ] Bug #495051 - CVE-2009-1185 udev: Uncheck origin of NETLINK messages https://bugzilla.redhat.com/show_bug.cgi?id=495051 [ 2 ] Bug #495052 - CVE-2009-1186 udev: Buffer overflow in path encoding routine https://bugzilla.redhat.com/show_bug.cgi?id=495052

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update udev' at the command line. For more information, refer to "Managing Software with yum", available at .

Name: udev
Product: Fedora 10
Version: 127
Release: 5.fc10
URL: Summary : A userspace implementation of devfs

Topics%20covered

Topics Covered

security advisory buffer overflow critical Fedora DoS root access udev

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here