what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 10 of 10 RSS Feed

CVE-2009-1185

Status Candidate

Overview

udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space.

Related Files

Linux udev Netlink Local Privilege Escalation
Posted Sep 14, 2012
Authored by Kingcope, Jon Oberheide, egypt | Site metasploit.com

Versions of udev < 1.4.1 do not verify that netlink messages are coming from the kernel. This allows local users to gain privileges by sending netlink messages from userland.

tags | exploit, kernel, local
advisories | CVE-2009-1185
SHA-256 | a339530d415e4d147ac5e6556a603790385a27c54518e11e95069181161f0615
Mandriva Linux Security Advisory 2009-103
Posted Dec 3, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-103 - Security vulnerabilities have been identified and fixed in udev. udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space. Buffer overflow in the util_path_encode function in udev/lib/libudev-util.c in udev before 1.4.1 allows local users to cause a denial of service (service outage) via vectors that trigger a call with crafted arguments. The updated packages have been patched to prevent this. Packages for 2008.0 are being provided due to extended support for Corporate products.

tags | advisory, denial of service, overflow, kernel, local, vulnerability
systems | linux, mandriva
advisories | CVE-2009-1185, CVE-2009-1186
SHA-256 | 38de169c54c1efda77134db6247a0bf49fc5eaef401aae8c03d5516972c6e537
VMware Security Advisory 2009-0009
Posted Jul 13, 2009
Authored by VMware | Site vmware.com

VMware Security Advisory - A vulnerability in the udev program did not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space. Sudo versions 1.6.9p17 through 1.6.9p19 do not properly interpret a system group in the sudoers file during authorization decisions for a user who belongs to that group, which might allow local users to leverage an applicable sudoers file and gain root privileges by using a sudo command. The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to trigger arbitrary requests to intranet servers, read or overwrite arbitrary files by using a redirect to a file: URL, or execute arbitrary commands by using a redirect to an scp: URL.

tags | advisory, remote, web, arbitrary, kernel, local, root
advisories | CVE-2009-1185, CVE-2009-0034, CVE-2009-0037
SHA-256 | 759e7d969ae9dbcf95da34e7d98cb345a45a4ba05ec0e0d5f59318f5305afec4
Mandriva Linux Security Advisory 2009-104
Posted May 3, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-104 - udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space. The updated packages have been patched to prevent this.

tags | advisory, kernel, local
systems | linux, mandriva
advisories | CVE-2009-1185
SHA-256 | e2f778a58e68d599de2ba53ebd615a409c33dca8819654433751264c35a5952c
Mandriva Linux Security Advisory 2009-103
Posted May 3, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-103 - Security vulnerabilities have been identified and fixed in udev. udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space. Buffer overflow in the util_path_encode function in udev/lib/libudev-util.c in udev before 1.4.1 allows local users to cause a denial of service (service outage) via vectors that trigger a call with crafted arguments. The updated packages have been patched to prevent this.

tags | advisory, denial of service, overflow, kernel, local, vulnerability
systems | linux, mandriva
advisories | CVE-2009-1185, CVE-2009-1186
SHA-256 | cd2e31bea17b5583908595fc2d863efea69dd947c8453e4883a76468d131c428
Linux Kernel 2.6 UDEV Privilege Escalation
Posted May 1, 2009
Authored by Jon Oberheide

Linux 2.6 kernel udev versions below 1.4.1 local privilege escalation exploit.

tags | exploit, kernel, local
systems | linux
advisories | CVE-2009-1185
SHA-256 | bd6992d84b7f36f4d79d12ce8930abcac49295702f6e9938849399ecc5ab82cd
Linux 2.6 Kernel UDEV Exploit
Posted Apr 20, 2009
Authored by Kingcope

Local root exploit for the Linux 2.6 kernel udev vulnerability.

tags | exploit, kernel, local, root
systems | linux
advisories | CVE-2009-1185
SHA-256 | 6b8094daa99e89f9da003c640337c6af989fe36c0a203df09ffa80b2b8f27e6d
Gentoo Linux Security Advisory 200904-18
Posted Apr 20, 2009
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200904-18 - Two errors in udev allow for a local root compromise and a Denial of Service. Versions less than 124-r2 are affected.

tags | advisory, denial of service, local, root
systems | linux, gentoo
advisories | CVE-2009-1185, CVE-2009-1186
SHA-256 | 608a182c5963162b9243d3477b9b676352fe1dbdf134e9d1808ebc79866b19fb
Debian Linux Security Advisory 1772-1
Posted Apr 16, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1772-1 - Sebastian Kramer discovered two vulnerabilities in udev, the /dev and hotplug management daemon.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2009-1185, CVE-2009-1186
SHA-256 | ce2e8b55c9a2b21b04a8bdd7c9e64cc29f98349742be875d9a6eb64c1050de6e
Ubuntu Security Notice 758-1
Posted Apr 15, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-758-1 - Sebastian Krahmer discovered that udev did not correctly validate netlink message senders. A local attacker could send specially crafted messages to udev in order to gain root privileges. Sebastian Krahmer discovered a buffer overflow in the path encoding routines in udev. A local attacker could exploit this to crash udev, leading to a denial of service.

tags | advisory, denial of service, overflow, local, root
systems | linux, ubuntu
advisories | CVE-2009-1185, CVE-2009-1186
SHA-256 | 403f65c16827af7fc2d3ec856ded0e4c8179780173a8be6bb4a0c8d2bb73a00b
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close