Bug 1049703 (CVE-2014-0004)

Summary: CVE-2014-0004 udisks and udisks2: stack-based buffer overflow when handling long path names
Product: [Other] Security Response Reporter: Murray McAllister <mmcallis>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: bressers, fweimer, jkurik, jrusnack, jsafrane, mclasen, pfrields, security-response-team, tbzatek, tsmetana, vdanen, zeenix, zeuthen
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-03-14 05:49:43 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1070144, 1070145, 1070147, 1074458, 1074459    
Bug Blocks: 1035839, 1049704    
Attachments:
Description Flags
Patch from davidz none

Description Murray McAllister 2014-01-08 03:29:51 UTC
udisks and udisks2 provide a daemon, D-Bus API, and command line tools for managing disks and storage devices. A flaw was found in the way udisks and udisks2 handled long path names. A malicious, local user could use this flaw to create a specially-crafted directory structure that could lead to arbitrary code execution with the privileges of the udisks daemon (root).

Acknowledgements:

This issue was discovered by Florian Weimer of the Red Hat Product Security Team.

Comment 7 Josh Bressers 2014-02-25 20:00:24 UTC
Created attachment 867616 [details]
Patch from davidz

I've tested this, it does seem to fix the issue.

Comment 19 Huzaifa S. Sidhpurwala 2014-03-10 10:08:41 UTC
Created udisks2 tracking bugs for this issue:

Affects: fedora-all [bug 1074459]

Comment 20 Huzaifa S. Sidhpurwala 2014-03-10 10:08:49 UTC
Created udisks tracking bugs for this issue:

Affects: fedora-all [bug 1074458]

Comment 23 Matthias Clasen 2014-03-11 17:25:16 UTC
You should, now

Comment 24 errata-xmlrpc 2014-03-13 19:22:25 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2014:0293 https://rhn.redhat.com/errata/RHSA-2014-0293.html

Comment 25 Fedora Update System 2014-03-15 15:04:05 UTC
udisks2-2.1.2-2.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 26 Fedora Update System 2014-03-19 08:50:35 UTC
udisks2-2.1.2-2.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.