udev

• Author: Miklos Vajna
• Vulnerable: 139-1
• Unaffected: 141-1anacreon1

Some vulnerabilities have been reported in udev, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or gain escalated privileges.

1. A vulnerability is caused due to udev not properly verifying the credentials of received NETLINK messages. This can be exploited to gain escalated privileges by sending multicast NETLINK messages.
2. A vulnerability is caused due to a boundary error within the “util_path_encode()” function in udev/lib/libudev-util.c. This can be exploited to cause a crash by providing specially crafted input.

• Bug Tracker URL: http://bugs.frugalware.org/task/3745

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1185
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1186