6.9 - GLSA-201405-01

Executive Summary

Summary
Title	udisks: Arbitrary code execution

Informations
Name	GLSA-201405-01	First vendor Publication	2014-05-02
Vendor	Gentoo	Last vendor Modification	2014-05-02
Severity (Vendor)	Normal	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score	6.9	Attack Range	Local
Cvss Impact Score	10	Attack Complexity	Medium
Cvss Expoit Score	3.4	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Synopsis

A stack-based buffer overflow vulnerability has been found in udisks, allowing a local attacker to possibly execute arbitrary code or cause Denial of Service.

Background

udisks is an abstraction for enumerating block devices and performing operations on them.

Description

A stack-based buffer overflow can be triggered when udisks is given a long path name as a mount point.

Impact

A local attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All udisks 1.0 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-fs/udisks-1.0.5:0"

All udisks 2.0 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-fs/udisks-2.1.3"

References

[ 1 ] CVE-2014-0004 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0004

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201405-01.xml

Original Source

Url : http://security.gentoo.org/glsa/glsa-201405-01.xml

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:23531

Oval ID:	oval:org.mitre.oval:def:23531
Title:	ELSA-2014:0293: udisks security update (Important)
Description:	Stack-based buffer overflow in udisks before 1.0.5 and 2.x before 2.1.3 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long mount point.
Family:	unix	Class:	patch
Reference(s):	ELSA-2014:0293-00 CVE-2014-0004	Version:	6
Platform(s):	Oracle Linux 6	Product(s):	udisks
Definition Synopsis:
Oracle Linux 6.x rpm test udisks-devel-docs is earlier than 0:1.0.1-7.el6_5 AND udisks-devel is earlier than 0:1.0.1-7.el6_5 AND udisks is earlier than 0:1.0.1-7.el6_5

Definition Id: oval:org.mitre.oval:def:23999

Oval ID:	oval:org.mitre.oval:def:23999
Title:	RHSA-2014:0293: udisks security update (Important)
Description:	The udisks package provides a daemon, a D-Bus API, and command line utilities for managing disks and storage devices. A stack-based buffer overflow flaw was found in the way udisks handled files with long path names. A malicious, local user could use this flaw to create a specially crafted directory structure that, when processed by the udisks daemon, could lead to arbitrary code execution with the privileges of the udisks daemon (root). (CVE-2014-0004) This issue was discovered by Florian Weimer of the Red Hat Product Security Team. All udisks users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:0293-00 CESA-2014:0293 CVE-2014-0004	Version:	8
Platform(s):	Red Hat Enterprise Linux 6 CentOS Linux 6	Product(s):	udisks
Definition Synopsis:
Redhat 6 or Centos 6 release The operating system installed on the system is Red Hat Enterprise Linux 6 AND The operating system installed on the system is CentOS Linux 6.x Packages section udisks-devel-docs is earlier than 0:1.0.1-7.el6_5 AND udisks-devel is earlier than 0:1.0.1-7.el6_5 AND udisks is earlier than 0:1.0.1-7.el6_5

Definition Id: oval:org.mitre.oval:def:24408

Oval ID:	oval:org.mitre.oval:def:24408
Title:	DSA-2872-1 udisks - buffer overflow
Description:	Florian Weimer discovered a buffer overflow in udisks's mount path parsing code which may result in privilege escalation.
Family:	unix	Class:	patch
Reference(s):	DSA-2872-1 CVE-2014-0004	Version:	5
Platform(s):	Debian GNU/Linux 6.0 Debian GNU/Linux 7 Debian GNU/kFreeBSD 6.0 Debian GNU/kFreeBSD 7	Product(s):	udisks
Definition Synopsis:
Debian 6.0 release section Debian 6.0 is installed GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed AND Debian GNU/kFreeBSD is installed AND udisks DPKG is earlier than 0:1.0.1+git20100614-3squeeze1 AND Debian 7.x release section Debian 7 is installed GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed AND Debian GNU/kFreeBSD is installed AND udisks DPKG is earlier than 0:1.0.4-7wheezy1

Definition Id: oval:org.mitre.oval:def:24425

Oval ID:	oval:org.mitre.oval:def:24425
Title:	USN-2142-1 -- udisks, udisks2 vulnerability
Description:	UDisks could be made to manipulate directories as the administrator.
Family:	unix	Class:	patch
Reference(s):	USN-2142-1 CVE-2014-0004	Version:	5
Platform(s):	Ubuntu 13.10 Ubuntu 12.10 Ubuntu 12.04	Product(s):	udisks udisks2
Definition Synopsis:
Ubuntu 13.10 release section Ubuntu 13.10 is installed Packages match section udisks DPKG is earlier than 0:1.0.4-8ubuntu1.1 AND udisks2 DPKG is earlier than 0:2.1.0-4ubuntu0.1 AND Ubuntu 12.10 release section Ubuntu 12.10 is installed Packages match section udisks DPKG is earlier than 0:1.0.4-6ubuntu0.1 AND udisks2 DPKG is earlier than 0:2.0.0-1ubuntu1.1 AND Ubuntu 12.04 release section Ubuntu 12.04 is installed AND udisks DPKG is earlier than 0:1.0.4-5ubuntu2.2

Definition Id: oval:org.mitre.oval:def:27365

Oval ID:	oval:org.mitre.oval:def:27365
Title:	DEPRECATED: ELSA-2014-0293 -- udisks security update (important)
Description:	[1.0.1-7.el6_5] - Make sure doc subpackage is noarch [1.0.1-6.el6_5] - Put devel-docs in a separate package (related: rhbz#1070145) . [1.0.1-5.el6_5] - Related: rhbz#1070145.
Family:	unix	Class:	patch
Reference(s):	ELSA-2014-0293 CVE-2014-0004	Version:	4
Platform(s):	Oracle Linux 6	Product(s):	udisks
Definition Synopsis:
Oracle Linux 6.x Packages match section udisks is earlier than 0:1.0.1-7.el6_5 AND udisks-devel is earlier than 0:1.0.1-7.el6_5 AND udisks-devel-docs is earlier than 0:1.0.1-7.el6_5

CPE : Common Platform Enumeration

Type	Description	Count
Application	Freedesktop Udisks cpe:2.3:a:freedesktop:udisks:2.1.2:::::::* cpe:2.3:a:freedesktop:udisks:2.1.1:::::::* cpe:2.3:a:freedesktop:udisks:2.1.0:::::::* cpe:2.3:a:freedesktop:udisks:2.0.92:::::::* cpe:2.3:a:freedesktop:udisks:2.0.91:::::::* cpe:2.3:a:freedesktop:udisks:2.0.90:::::::* cpe:2.3:a:freedesktop:udisks:2.0.1:::::::* cpe:2.3:a:freedesktop:udisks:2.0.0:::::::* cpe:2.3:a:freedesktop:udisks:1.0.1:::::::* cpe:2.3:a:freedesktop:udisks:1.0:::::::*	10
Os	Canonical Ubuntu Linux cpe:2.3:o:canonical:ubuntu_linux:13.10:::::::* cpe:2.3:o:canonical:ubuntu_linux:12.10:::::::* cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:::::*	3

Nessus® Vulnerability Scanner

Date	Description
2015-03-30	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2015-088.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-219.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-220.nasl - Type : ACT_GATHER_INFO
2014-05-03	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201405-01.nasl - Type : ACT_GATHER_INFO
2014-04-09	Name : The remote Fedora host is missing a security update. File : fedora_2014-3839.nasl - Type : ACT_GATHER_INFO
2014-03-31	Name : The remote Fedora host is missing a security update. File : fedora_2014-3818.nasl - Type : ACT_GATHER_INFO
2014-03-20	Name : The remote Fedora host is missing a security update. File : fedora_2014-3714.nasl - Type : ACT_GATHER_INFO
2014-03-18	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-064.nasl - Type : ACT_GATHER_INFO
2014-03-17	Name : The remote Fedora host is missing a security update. File : fedora_2014-3723.nasl - Type : ACT_GATHER_INFO
2014-03-14	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-0293.nasl - Type : ACT_GATHER_INFO
2014-03-14	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-0293.nasl - Type : ACT_GATHER_INFO
2014-03-14	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0293.nasl - Type : ACT_GATHER_INFO
2014-03-14	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20140313_udisks_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2014-03-12	Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2014-070-01.nasl - Type : ACT_GATHER_INFO
2014-03-11	Name : The remote Debian host is missing a security-related update. File : debian_DSA-2872.nasl - Type : ACT_GATHER_INFO
2014-03-11	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2142-1.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-05-04 13:22:47	Multiple Updates
2014-05-02 09:18:31	First insertion

Global Informations

Type	Count
CWE ID(s)	1
Oval ID(s)	5
CPE ID(s)	13
Nessus® Exploit(s)	16

	Related
6.9	CVE-2014-0004
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)

6.9 - GLSA-201405-01

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

Nessus® Vulnerability Scanner

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU