A privilege escalation flaw was found in the way DeviceKit used to handle
labels for pluggable storage devices. A local, unprivileged user could
provide a specially-crafted string as a name, for the newly created / added
system device, leading to escalation of his privileges.
Upstream bug report:
This issue affects the versions of DeviceKit-disks package, as shipped
with Fedora releases of 10 and 11 (DeviceKit-disks-002-1.git20080720.fc10
Relevant upstream commits, noted for posterity:
This is corrected in the upstream version of DeviceKit-disks as shipped with Fedora 12. It is not fixed in Fedora 11.
This is CVE-2010-0746.
An exploit/proof-of-concept for this is now public: