CentOS Local Security Checks : CentOS Update for udisks CESA-2014:0293 centos6

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 146377 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.881899

Kategorie: CentOS Local Security Checks

Titel: CentOS Update for udisks CESA-2014:0293 centos6

Zusammenfassung: The remote host is missing an update for the 'udisks'; package(s) announced via the referenced advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'udisks'
package(s) announced via the referenced advisory.

Vulnerability Insight:
The udisks package provides a daemon, a D-Bus API, and command line
utilities for managing disks and storage devices.

A stack-based buffer overflow flaw was found in the way udisks handled
files with long path names. A malicious, local user could use this flaw to
create a specially crafted directory structure that, when processed by the
udisks daemon, could lead to arbitrary code execution with the privileges
of the udisks daemon (root). (CVE-2014-0004)

This issue was discovered by Florian Weimer of the Red Hat Product
Security Team.

All udisks users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.

Affected Software/OS:
udisks on CentOS 6

Solution:
Please install the updated packages.

CVSS Score:
6.9

CVSS Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2014-0004
66081
http://www.securityfocus.com/bid/66081
DSA-2872
http://www.debian.org/security/2014/dsa-2872
RHSA-2014:0293
http://rhn.redhat.com/errata/RHSA-2014-0293.html
USN-2142-1
http://www.ubuntu.com/usn/USN-2142-1
[devkit-devel] 20140310 udisks 2.1.3 / 1.0.5 security updates
http://lists.freedesktop.org/archives/devkit-devel/2014-March/001568.html
openSUSE-SU-2014:0388
http://lists.opensuse.org/opensuse-updates/2014-03/msg00051.html
openSUSE-SU-2014:0389
http://lists.opensuse.org/opensuse-updates/2014-03/msg00052.html
openSUSE-SU-2014:0390
http://lists.opensuse.org/opensuse-updates/2014-03/msg00053.html

Copyright Copyright (C) 2014 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.881899
Kategorie:	CentOS Local Security Checks
Titel:	CentOS Update for udisks CESA-2014:0293 centos6
Zusammenfassung:	The remote host is missing an update for the 'udisks'; package(s) announced via the referenced advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'udisks' package(s) announced via the referenced advisory. Vulnerability Insight: The udisks package provides a daemon, a D-Bus API, and command line utilities for managing disks and storage devices. A stack-based buffer overflow flaw was found in the way udisks handled files with long path names. A malicious, local user could use this flaw to create a specially crafted directory structure that, when processed by the udisks daemon, could lead to arbitrary code execution with the privileges of the udisks daemon (root). (CVE-2014-0004) This issue was discovered by Florian Weimer of the Red Hat Product Security Team. All udisks users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. Affected Software/OS: udisks on CentOS 6 Solution: Please install the updated packages. CVSS Score: 6.9 CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2014-0004 66081 http://www.securityfocus.com/bid/66081 DSA-2872 http://www.debian.org/security/2014/dsa-2872 RHSA-2014:0293 http://rhn.redhat.com/errata/RHSA-2014-0293.html USN-2142-1 http://www.ubuntu.com/usn/USN-2142-1 [devkit-devel] 20140310 udisks 2.1.3 / 1.0.5 security updates http://lists.freedesktop.org/archives/devkit-devel/2014-March/001568.html openSUSE-SU-2014:0388 http://lists.opensuse.org/opensuse-updates/2014-03/msg00051.html openSUSE-SU-2014:0389 http://lists.opensuse.org/opensuse-updates/2014-03/msg00052.html openSUSE-SU-2014:0390 http://lists.opensuse.org/opensuse-updates/2014-03/msg00053.html
Copyright	Copyright (C) 2014 Greenbone AG