CentOS Update For Udisks CESA-2014:0293 Centos6 Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

The udisks package provides a daemon, a D-Bus API, and command line utilities for managing disks and storage devices. A stack-based buffer overflow flaw was found in the way udisks handled files with long path names. A malicious, local user could use this flaw to create a specially crafted directory structure that, when processed by the udisks daemon, could lead to arbitrary code execution with the privileges of the udisks daemon (root). (CVE-2014-0004) This issue was discovered by Florian Weimer of the Red Hat Product Security Team. All udisks users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.

Affected

udisks on CentOS 6

References

http://lists.centos.org/pipermail/centos-announce/2014-March/020200.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-0004
CVSS Base Score: 6.9
AV:L/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

CentOS Security Advisory CESA-2009:0362 (NetworkManager)
CentOS Update for apr CESA-2011:0507 centos4 x86_64
CentOS Security Advisory CESA-2009:1138 (openswan)
CentOS Security Advisory CESA-2009:1528 (samba)
CentOS Security Advisory CESA-2009:1452 (neon)

CentOS Update for udisks CESA-2014:0293 centos6

Take action and discover your vulnerabilities