PT-2009-6721 · Linux+1 · Libvolume-Id0+10

Jon Oberheide

·

Published

1970-01-01

·

Updated

2023-02-13

·

CVE-2009-1185

CVSS v2.0

7.2

High

VectorAV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions udev versions prior to 1.4.1 libudev0-128 libudev-devel-128 libvolume-id0 libvolume id-095-14.20.el5 3 libvolume id-devel-095 libvolume id1-128 libvolume-id-dev udev-095 udev-128 udev-debuginfo-128 udev-debuginfo-085 udev-debugsource-128 udev-udeb
Description The issue concerns multiple vulnerabilities in the udev package and related libraries, which can lead to disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited locally, allowing local users to gain privileges by sending a NETLINK message from user space. The estimated number of potentially affected devices worldwide is not specified.
Recommendations For udev versions prior to 1.4.1, update to version 1.4.1 or later. For libudev0-128, libudev-devel-128, libvolume-id0, libvolume id-095-14.20.el5 3, libvolume id-devel-095, libvolume id1-128, libvolume-id-dev, udev-095, udev-128, udev-debuginfo-128, udev-debuginfo-085, udev-debugsource-128, and udev-udeb, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Origin Validation Error

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-346

Related Identifiers

BDU:2015-03658
BDU:2015-03659
BDU:2015-03660
BDU:2015-03661
BDU:2015-04379
BDU:2015-04380
BDU:2015-04381
BDU:2015-04382
BDU:2015-04383
BDU:2015-04384
BDU:2015-04385
BDU:2015-04386
BDU:2015-06827
BDU:2015-06828
BDU:2015-06954
BDU:2015-08508
CVE-2009-1185
DSA-1772-1
RHSA-2009:0427
RHSA-2009_0427

Affected Products

Red Hat
Libudev-Devel
Libudev0
Libvolume Id-Devel
Libvolume-Id0
Libvolume Id
Libvolume Id1
Udev
Udev-Debuginfo
Udev-Debugsource
Udev-Udeb