J-Security Center

Title: udev Path Encoding Local Denial of Service Vulnerability

Severity: MODERATE

Description:

The 'udev' application helps users manage the '/dev' directory and provides persistent device names. It is available for Linux.

The application is prone to a local denial-of-service vulnerability that is caused by a buffer-overflow error when encoding paths.

Exploiting this issue allows local attackers to crash the application. Attackers may also be able to execute code with elevated privileges, but this has not been confirmed.

This issue affects udev as shipped with Ubuntu Linux releases; other versions may also be vulnerable.

Affected Products:

  • Debian Linux 4.0
  • Debian Linux 4.0 alpha
  • Debian Linux 4.0 amd64
  • Debian Linux 4.0 arm
  • Debian Linux 4.0 armel
  • Debian Linux 4.0 hppa
  • Debian Linux 4.0 ia-32
  • Debian Linux 4.0 ia-64
  • Debian Linux 4.0 m68k
  • Debian Linux 4.0 mips
  • Debian Linux 4.0 mipsel
  • Debian Linux 4.0 powerpc
  • Debian Linux 4.0 s/390
  • Debian Linux 4.0 sparc
  • Debian Linux 5.0
  • Debian Linux 5.0 alpha
  • Debian Linux 5.0 amd64
  • Debian Linux 5.0 arm
  • Debian Linux 5.0 armel
  • Debian Linux 5.0 hppa
  • Debian Linux 5.0 ia-32
  • Debian Linux 5.0 ia-64
  • Debian Linux 5.0 m68k
  • Debian Linux 5.0 mips
  • Debian Linux 5.0 mipsel
  • Debian Linux 5.0 powerpc
  • Debian Linux 5.0 s/390
  • Debian Linux 5.0 sparc
  • Gentoo Linux
  • MandrakeSoft Linux Mandrake 2008.1
  • MandrakeSoft Linux Mandrake 2008.1 x86_64
  • MandrakeSoft Linux Mandrake 2009.0
  • MandrakeSoft Linux Mandrake 2009.0 x86_64
  • Pardus Linux 2008
  • RedHat Fedora 10
  • RedHat Fedora 9
  • S.u.S.E. Linux Enterprise Desktop 10 SP2
  • S.u.S.E. SLE 11
  • S.u.S.E. SLED 11
  • S.u.S.E. SLES 11
  • S.u.S.E. SLES 11 DEBUGINFO
  • S.u.S.E. SUSE Linux Enterprise Server 10 SP2
  • S.u.S.E. openSUSE 10.3
  • S.u.S.E. openSUSE 11.0
  • S.u.S.E. openSUSE 11.1
  • Slackware Linux -current
  • Slackware Linux 10.2.0
  • Slackware Linux 11.0
  • Slackware Linux 12.0
  • Slackware Linux 12.1
  • Slackware Linux 12.2
  • Ubuntu Ubuntu Linux 6.06 LTS amd64
  • Ubuntu Ubuntu Linux 6.06 LTS i386
  • Ubuntu Ubuntu Linux 6.06 LTS powerpc
  • Ubuntu Ubuntu Linux 6.06 LTS sparc
  • Ubuntu Ubuntu Linux 7.10 amd64
  • Ubuntu Ubuntu Linux 7.10 i386
  • Ubuntu Ubuntu Linux 7.10 lpia
  • Ubuntu Ubuntu Linux 7.10 powerpc
  • Ubuntu Ubuntu Linux 7.10 sparc
  • Ubuntu Ubuntu Linux 8.04 LTS amd64
  • Ubuntu Ubuntu Linux 8.04 LTS i386
  • Ubuntu Ubuntu Linux 8.04 LTS lpia
  • Ubuntu Ubuntu Linux 8.04 LTS powerpc
  • Ubuntu Ubuntu Linux 8.04 LTS sparc
  • Ubuntu Ubuntu Linux 8.10 amd64
  • Ubuntu Ubuntu Linux 8.10 i386
  • Ubuntu Ubuntu Linux 8.10 lpia
  • Ubuntu Ubuntu Linux 8.10 powerpc
  • Ubuntu Ubuntu Linux 8.10 sparc
  • rPath Appliance Platform Linux Service 1
  • rPath Appliance Platform Linux Service 2
  • rPath rPath Linux 1
  • rPath rPath Linux 2
  • udev udev 124

References:

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.