Red Hat Bugzilla – Bug 580005
CVE-2010-1149 udisks v1.0.0: Device mapper table information leak
Last modified: 2010-04-12 08:25:16 EDT
Bastian Blank reported an information leak in the way udisks's disks
and storage device management daemon passed sensitive device mapper
table information to userspace processes via the udev interface.
A local attacker could use this flaw to conduct subsequent
unauthorized operations on storage device(s) which should
otherwise be protected by encryption / LUKS passphrase.
Upstream bug report:
This issue did NOT affect the versions of the DeviceKit-disks
packages as shipped with Fedora releases 11 and 12.
This is CVE-2010-1149.
udisks-1.0.1-1.fc13 has been submitted as an update for Fedora 13.
udisks-1.0.1-1.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.
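To confirm after updating that no udev property still carries device mapper key material, the following check (an added example, not code from udisks or from this bug report) scans text in the `udevadm info --export-db` format for values shaped like dm-crypt target parameters. The property name `EXAMPLE_DM_PARAMS`, the sample records, the `\x20` space encoding and the treatment of an all-zero key as a placeholder are assumptions made for the example.

```python
import re
import sys

# Separator between table fields: a literal space or an encoded one (assumption).
SEP = r"(?:\s|\\x20)+"
# dm-crypt parameters start "<cipher> <hex key> <iv_offset> ...".
CRYPT_PARAMS = re.compile(
    r"(?P<cipher>[a-z0-9_]+(?:-[a-z0-9_:]+)+)" + SEP
    + r"(?P<key>(?:[0-9a-f]{2}){16,})" + SEP + r"\d+",
    re.IGNORECASE,
)

KEY = "0123456789abcdef" * 4  # constructed 256-bit value, not a real key
# Constructed sample records; EXAMPLE_DM_PARAMS is a hypothetical property name.
SAMPLE_DB = "\n".join([
    "P: /devices/virtual/block/dm-0",
    "E: DEVNAME=/dev/dm-0",
    "E: EXAMPLE_DM_PARAMS=aes-cbc-essiv:sha256\\x20" + KEY + "\\x200\\x208:2\\x204096",
    "",
    "P: /devices/virtual/block/dm-1",
    "E: DEVNAME=/dev/dm-1",
    "E: EXAMPLE_DM_PARAMS=aes-xts-plain64 " + "0" * 64 + " 0 8:3 4096",
    "",
    "P: /devices/pci0000:00/block/sda",
    "E: DEVNAME=/dev/sda",
    "E: ID_SERIAL=" + KEY[:32],
])

def find_exposed_keys(db_text):
    """Return (device, property, cipher, key_bits) for each property holding a key."""
    findings, device = [], None
    for line in db_text.splitlines():
        if line.startswith("P: "):
            device = line[3:]
        elif line.startswith("E: ") and "=" in line:
            name, value = line[3:].split("=", 1)
            m = CRYPT_PARAMS.search(value)
            # An all-zero key is treated as a redaction placeholder, not a leak.
            if m and set(m.group("key")) != {"0"}:
                bits = len(m.group("key")) * 4
                findings.append((device, name, m.group("cipher"), bits))
    return findings

if __name__ == "__main__":
    # Usage: udevadm info --export-db | python3 this_script.py
    for dev, prop, cipher, bits in find_exposed_keys(sys.stdin.read()):
        print(f"{dev}: {prop} exposes a {bits}-bit {cipher} key (value not shown)")
```

The script reports only the device, property name, cipher and key length, so its output can be attached to a ticket without repeating the key.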