PT-2009-6722 · Linux+2 · Libvolume-Id0+10
Jan Lieskovsky · Published 1970-01-01 · Updated 2023-02-13
CVE-2009-1186
CVSS v2.0: 7.2 (High)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
udev versions prior to 1.4.1
libudev0-128
libudev-devel-128
libvolume-id0
libvolume_id-devel-128
libvolume_id1-128
udev-udeb
udev-debugsource-128
udev-128
udev-debuginfo-128
udev-debuginfo-085
libvolume-id-dev
Description
The issue concerns multiple vulnerabilities in the udev package of various Linux distributions, including SUSE Linux Enterprise and Debian GNU/Linux. These vulnerabilities can be exploited locally, potentially leading to a breach of confidentiality, integrity, and availability of protected information. A buffer overflow in the util_path_encode function in udev/lib/libudev-util.c in udev before 1.4.1 allows local users to cause a denial of service via crafted arguments.
Recommendations
For udev versions prior to 1.4.1, update to version 1.4.1 or later to resolve the issue.
For libudev0-128, libudev-devel-128, libvolume-id0, libvolume_id-devel-128, libvolume_id1-128, udev-udeb, udev-debugsource-128, udev-128, udev-debuginfo-128, and udev-debuginfo-085, consider disabling the vulnerable components until a patch is available.
As a temporary workaround, restrict access to the vulnerable modules to minimize the risk of exploitation.
Avoid using crafted arguments that may trigger the buffer overflow in the util_path_encode function until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability in some of the affected packages.
Exploit
Fix
Origin Validation Error
Buffer Overflow
Related Identifiers
Affected Products
Debian
Suse Linux Enterprise
Libudev-Devel
Libudev0
Libvolume Id-Devel
Libvolume-Id0
Libvolume Id1
Udev
Udev-Debuginfo
Udev-Debugsource
Udev-Udeb