CVE-2018-17336 – udisks: Format string vulnerability in udisks_log in udiskslogging.c
https://notcve.org/view.php?id=CVE-2018-17336
UDisks 2.8.0 has a format string vulnerability in udisks_log in udiskslogging.c, allowing attackers to obtain sensitive information (stack contents), cause a denial of service (memory corruption), or possibly have unspecified other impact via a malformed filesystem label, as demonstrated by %d or %n substrings. UDisks 2.8.0 tiene una vulnerabilidad de cadena de formato en udisks_log en udiskslogging.c, lo que permite a los atacantes obtener información sensible (contenido de la pila), causar una denegación de servicio (corrupción de la memoria), o, posiblemente, provocar otro impacto no especificado a través de una etiqueta de sistema de archivos mal formada, tal y como queda demostrado con las subcadenas %d o %n. An uncontrolled format string vulnerability has been discovered in udisks when it mounts a filesystem with a malformed label. A local attacker may use this flaw to leak memory, make the udisks service crash, or cause other unspecified effects. • https://access.redhat.com/errata/RHSA-2019:2178 https://github.com/storaged-project/udisks/issues/578 https://usn.ubuntu.com/3772-1 https://access.redhat.com/security/cve/CVE-2018-17336 https://bugzilla.redhat.com/show_bug.cgi?id=1632828 • CWE-134: Use of Externally-Controlled Format String •
CVE-2014-0004 – udisks2: stack-based buffer overflow when handling long path names
https://notcve.org/view.php?id=CVE-2014-0004
Stack-based buffer overflow in udisks before 1.0.5 and 2.x before 2.1.3 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long mount point. Desbordamiento de buffer basado en pila en udisks anterior a 1.0.5 y 2.x anterior a 2.1.3 permite a usuarios locales causar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de un punto de montaje largo. • http://lists.freedesktop.org/archives/devkit-devel/2014-March/001568.html http://lists.opensuse.org/opensuse-updates/2014-03/msg00051.html http://lists.opensuse.org/opensuse-updates/2014-03/msg00052.html http://lists.opensuse.org/opensuse-updates/2014-03/msg00053.html http://rhn.redhat.com/errata/RHSA-2014-0293.html http://www.debian.org/security/2014/dsa-2872 http://www.securityfocus.com/bid/66081 http://www.ubuntu.com/usn/USN-2142-1 https://access.redhat.com/security/cve& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVE-2010-1149
https://notcve.org/view.php?id=CVE-2010-1149
probers/udisks-dm-export.c in udisks before 1.0.1 exports UDISKS_DM_TARGETS_PARAMS information to udev even for a crypt UDISKS_DM_TARGETS_TYPE, which allows local users to discover encryption keys by (1) running a certain udevadm command or (2) reading a certain file under /dev/.udev/db/. probers/udisks-dm-export.c en udisks anteriores a v1.0.1 exporta información UDISKS_DM_TARGETS_PARAMS a udev incluso para UDISKS_DM_TARGETS_TYPE cifrados, lo que permite a usuarios locales descubrir las claves de cifrado mediante (1) la ejecución de cierto comando udevadm o (2) la lectura de cierto fichero bajo /dev/.udev/db/. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=576687 http://cgit.freedesktop.org/udisks/commit/?id=0fcc7cb3b66f23fac53ae08647aa0007a2bd56c4 http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039060.html http://secunia.com/advisories/39332 http://www.securityfocus.com/bid/39265 https://bugs.freedesktop.org/show_bug.cgi?id=27494 https://bugzilla.novell.com/show_bug.cgi?id=594261 https://bugzilla.redhat.com/show_bug.cgi? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •