Note:
This project will be discontinued after December 13, 2021. [more]
2010-04-12
probers/udisks-dm-export.c in udisks before 1.0.1 exports UDISKS_DM_TARGETS_PARAMS information to udev even for a crypt UDISKS_DM_TARGETS_TYPE, which allows local users to discover encryption keys by (1) running a certain udevadm command or (2) reading a certain file under /dev/.udev/db/.
Products | Udisks |
Type | Information Exposure (CWE-200) |
First patch | - None (likely due to unavailable code) |
Links |
• https://bugzilla.redhat.com/show_bug.cgi?id=580005
• http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=576687 • https://launchpad.net/bugs/556651 • http://secunia.com/advisories/39332 • http://www.securityfocus.com/bid/39265 |