PT-2010-2865 · Linux · Udisks

Josh Bressers

Published

2010-04-12

Updated

2024-06-15

CVE-2010-1149

CVSS v2.0

2.1

Low

Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions udisks versions prior to 1.0.1

Description The issue allows local users to discover encryption keys by either running a certain udevadm command or reading a certain file under /dev/.udev/db/. This is due to the export of UDISKS DM TARGETS PARAMS information to udev, even for a crypt UDISKS DM TARGETS TYPE.

Recommendations For versions prior to 1.0.1, update to version 1.0.1 or later to resolve the issue.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2010-1149

OPENSUSE-SU-2024:10408-1

Affected Products

Udisks

PT-2010-2865 · Linux · Udisks

CVE-2010-1149

Weakness Enumeration

Related Identifiers

Affected Products

References · 14