Local Information Disclosure in UDisks Affects Multiple Linux Distributions
CVE-2010-1149

Currently unrated

Key Information:

Vendor: Freedesktop
Status: Udisks
Vendor: CVE Published:; 12 April 2010

🔔 Create Freedesktop Vulnerability Alert

What is CVE-2010-1149?

A vulnerability exists in the UDisks component before version 1.0.1, where the system exports sensitive UDISKS_DM_TARGETS_PARAMS to udev, even for encrypted targets. This flaw allows local users to potentially uncover encryption keys by executing specific udevadm commands or accessing certain files located in /dev/.udev/db. Organizations utilizing affected versions must address this issue promptly to prevent unauthorized access to sensitive information.

References

http://lists.fedoraproject.org/pipermail/package-announce...

vendor-advisoryx_refsource_FEDORA

https://bugzilla.novell.com/show_bug.cgi?id=594261

x_refsource_CONFIRM

https://launchpad.net/bugs/556651

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 12, 2010
Vulnerability Reserved
Mar 29, 2010