Bug 1632828 (CVE-2018-17336)
Summary: | CVE-2018-17336 udisks: Format string vulnerability in udisks_log in udiskslogging.c | | |
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Pedro Sampaio <psampaio> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | | |
Version: | unspecified | CC: | amigadave, guazhang, psampaio, sisharma, tbzatek, vtrefny |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | | | |
Fixed In Version: | | Doc Type: | If docs needed, set a value |
Doc Text: | An uncontrolled format string vulnerability has been discovered in udisks when it mounts a filesystem with a malformed label. A local attacker may use this flaw to leak memory, make the udisks service crash, or cause other unspecified effects. | | |
Story Points: | --- | | |
Clone Of: | | Environment: | |
Last Closed: | 2019-08-06 13:19:56 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |
Bug Depends On: | 1632829, 1632830, 1632831, 1637427, 1723704 | | |
Bug Blocks: | 1632832 | | |
Description
Pedro Sampaio
2018-09-25 15:53:03 UTC
Created udisks tracking bugs for this issue:

Affects: fedora-all [bug 1632829]

Created udisks2 tracking bugs for this issue:

Affects: fedora-all [bug 1632830]

For the attack to be successful, an attacker should have physical access to the machine and be able to insert a USB device with a malformed filesystem and wait until udisks2 automounts it. This usually happens automatically for a USB device when the user uses a graphical environment (e.g. GNOME). Otherwise, the attack may still be performed if an attacker already has high privileges that allow him to mount devices with udisksctl.

On RHEL the udisks2 packages are compiled with FORTIFY_SOURCE=2, which makes this kind of attack less dangerous because the classic '%n' is blocked if the format string is in a writable segment, as in this case. This however does not prevent information leaks or crashes.

Hello,

I see the bug has been added to the errata [1]. Could you please update the bug to ONQA and update "Fixed In Version"?

[1] https://errata.devel.redhat.com/advisory/43919

Thanks,
guazhang

This is a tracker bug created by the security team, I don't think we should be changing this one. I think this bug was not supposed to be added to the advisory.

(In reply to Vojtech Trefny from comment #10)
> This is a tracker bug created by the security team, I don't think we should
> be changing this one. I think this bug was not supposed to be added to the
> advisory.

The bug was dropped from the Errata. No need to change now.

This issue has been addressed in the following products:

Red Hat Enterprise Linux 7

Via RHSA-2019:2178 https://access.redhat.com/errata/RHSA-2019:2178

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2018-17336
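
The flaw class named in the Doc Text, as an added example that is not udisks source code: a simplified model in which a hypothetical logger `log_fmt()` stands in for a printf-style logging call, with the flawed call next to the corrected one. All function names and the sample label are constructed for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style logger (an assumption, not the udisks API).
 * It formats into a caller-supplied buffer so the result can be inspected.
 * Declaring such a function with __attribute__((format(printf, 3, 4))) and
 * building with -Wformat-security lets the compiler flag the flawed call. */
static int log_fmt(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, outlen, fmt, ap);
    va_end(ap);
    return n;
}

/* BEFORE (flawed pattern): the message already contains the filesystem
 * label and is then handed to the logger as the format string, so any
 * '%' directive inside the label is interpreted a second time. */
int log_mount_unsafe(char *out, size_t outlen, const char *label)
{
    char msg[256];
    snprintf(msg, sizeof msg, "Mounted filesystem labelled %s", label);
    return log_fmt(out, outlen, msg);
}

/* AFTER (corrected pattern): the format string is a constant and the
 * label is only ever passed as data for a %s conversion. */
int log_mount_safe(char *out, size_t outlen, const char *label)
{
    return log_fmt(out, outlen, "Mounted filesystem labelled %s", label);
}

int main(void)
{
    char a[128], b[128];
    /* Constructed sample label. "%%" consumes no arguments, so the
     * re-interpretation is visible without undefined behaviour. */
    const char *label = "50%%off";

    log_mount_unsafe(a, sizeof a, label);
    log_mount_safe(b, sizeof b, label);
    printf("unsafe: %s\nsafe:   %s\n", a, b);
    return 0;
}
```

The flawed path logs a string that differs from the label on the device, which is the observable sign that label bytes reached the format parser; the corrected path logs the label byte for byte.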