Vulnerability Details : CVE-2014-0004
Stack-based buffer overflow in udisks before 1.0.5 and 2.x before 2.1.3 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long mount point.
Vulnerability category: OverflowExecute codeDenial of service
Products affected by CVE-2014-0004
- cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:udisks:*:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:udisks:2.0.92:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:udisks:2.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:udisks:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:udisks:2.0.90:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:udisks:2.0.91:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:udisks:2.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:udisks:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:udisks:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:udisks:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:udisks:1.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-0004
0.06%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 15 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-0004
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
6.9
|
MEDIUM | AV:L/AC:M/Au:N/C:C/I:C/A:C |
3.4
|
10.0
|
NIST |
CWE ids for CVE-2014-0004
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-0004
-
http://lists.opensuse.org/opensuse-updates/2014-03/msg00053.html
openSUSE-SU-2014:0390-1: moderate: udisks: fixed a buffer overflow
-
http://lists.opensuse.org/opensuse-updates/2014-03/msg00052.html
openSUSE-SU-2014:0389-1: moderate: udisks: fixed a buffer overflow
-
http://lists.opensuse.org/opensuse-updates/2014-03/msg00051.html
openSUSE-SU-2014:0388-1: moderate: udisks2: fixed buffer overflow in mou
-
http://lists.freedesktop.org/archives/devkit-devel/2014-March/001568.html
udisks 2.1.3 / 1.0.5 security updatesPatch
-
http://rhn.redhat.com/errata/RHSA-2014-0293.html
RHSA-2014:0293 - Security Advisory - Red Hat Customer Portal
-
http://www.debian.org/security/2014/dsa-2872
Debian -- Security Information -- DSA-2872-1 udisks
-
http://www.securityfocus.com/bid/66081
Udisks and Udisks2 Long Path Names Local Stack Buffer Overflow Vulnerability
-
http://www.ubuntu.com/usn/USN-2142-1
USN-2142-1: UDisks vulnerability | Ubuntu security notices
Jump to