Bug 865854 (CVE-2014-0004)

Summary: VUL-0: CVE-2014-0004: udisks: udisks2: local code execution
Product: [Novell Products] SUSE Security Incidents Reporter: Victor Pereira <vpereira>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Major    
Priority: P3 - Medium CC: meissner, pwieczorkiewicz, security-team
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Victor Pereira 2014-02-26 15:40:19 UTC 
CVE-2014-0004

Florian Weimer of the Red Hat Product Security Team found a flaw in the
way udisks and udisks2 handled long path names. A malicious, local user
could use this flaw to create a specially-crafted directory structure
that could lead to arbitrary code execution with the privileges of the
udisks daemon (root).
Comment 4 Swamp Workflow Management 2014-02-26 23:00:44 UTC 
bugbot adjusting priority
Comment 5 Stefan Behlert 2014-02-27 10:00:43 UTC 
No idea where this cme from. Stefan F., I think this belongs into your team?
Comment 9 Marcus Meissner 2014-03-10 10:12:46 UTC 
that said, it just went public

Date: Mon, 10 Mar 2014 15:46:04 +0530
From: Huzaifa Sidhpurwala <huzaifas@redhat.com>
Subject: [oss-security] udisks and udisks2: stack-based buffer overflow when handling long
 path names

Hi All,

Florian Weimer of the Red Hat Product Security Team, found a flaw in
the way udisks and udisks2 handled long path names. A malicious, local
user could use this flaw to create a specially-crafted directory
structure that could lead to arbitrary code execution with the
privileges of the udisks daemon (root).

This issue has been assigned CVE-2014-0004.

References:
http://lists.freedesktop.org/archives/devkit-devel/2014-March/001568.html

Patches:
http://cgit.freedesktop.org/udisks/commit/?h=udisks1&id=ebf61ed8471
http://cgit.freedesktop.org/udisks/commit/?id=244967

Red Hat bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=1049703
Comment 10 Bernhard Wiedemann 2014-03-10 15:00:12 UTC 
This is an autogenerated message for OBS integration:
This bug (865854) was mentioned in
https://build.opensuse.org/request/show/225457 13.1+12.3 / udisks
https://build.opensuse.org/request/show/225464 13.1+12.3 / udisks2
Comment 12 Marcus Meissner 2014-03-10 16:43:56 UTC 
looking good.

usually you would reassign this bug to security-team now.
Comment 14 Bernhard Wiedemann 2014-03-14 14:00:24 UTC 
This is an autogenerated message for OBS integration:
This bug (865854) was mentioned in
https://build.opensuse.org/request/show/225955 Factory / udisks
Comment 15 Swamp Workflow Management 2014-03-18 08:04:27 UTC 
openSUSE-SU-2014:0388-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 865854
CVE References: CVE-2014-0004
Sources used:
openSUSE 13.1 (src):    udisks2-2.1.1-2.4.1
openSUSE 12.3 (src):    udisks2-2.0.0-5.8.1
Comment 16 Swamp Workflow Management 2014-03-18 08:04:42 UTC 
openSUSE-SU-2014:0389-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 865854
CVE References: CVE-2014-0004
Sources used:
openSUSE 13.1 (src):    udisks-1.0.4-13.4.1
openSUSE 12.3 (src):    udisks-1.0.4-11.4.1
Comment 17 Marcus Meissner 2014-03-18 08:04:58 UTC 
released
Comment 18 Swamp Workflow Management 2014-03-18 09:04:21 UTC 
openSUSE-SU-2014:0390-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 865854
CVE References: CVE-2014-0004
Sources used:
openSUSE 11.4 (src):    udisks-1.0.2-3.16.1