Azitech

Azimout's Linux weblog

udev <141 exploit

with 4 comments

Dereck shared with me this linux security exploit: udev < 141 Local Privilege Escalation Exploit, a.k.a. CVE-2009-1185

It affects distributions that ship with udev version <141. Ubuntu ships udev 141 in Jaunty (124 in Intrepid), so I’m covered.

Thought: what does it tell you, the fact that they only find vulnerabilities in old versions of the Linux ecosystem?

Advertisements

Written by azimout

18/05/2009 at 21:19

Posted in News

4 Responses

Subscribe to comments with RSS.

  1. doesn’t seem to work on my gentoo installation, even though i still have udev 124… maybe i made some error.

    danilo

    18/05/2009 at 23:13

  2. ah, found the reason why… gentoo docs say that vulnerable versions are < 124-r2. which is the version i have installed.

    danilo

    18/05/2009 at 23:14

  3. On the other hand this is a quite old “attack vector”. I’ve seen similar vulnerability in zebra routing suite almost 6 years ago.

    See http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0858

    zImage

    19/05/2009 at 15:15

  4. Hellp zImage, thanks for stopping by, and thanks for the info!
    Looking at your blog right now, seems interesting!

    azimout

    19/05/2009 at 22:39


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: