udev prior 1.4.0 udev/lib/libudev-util.c util_path_encode memory corruption
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 3.6 | $0-$5k | 0.00 |
Summary
A vulnerability was found in udev. It has been rated as problematic. This affects the function util_path_encode in the library udev/lib/libudev-util.c. This manipulation causes memory corruption.
This vulnerability appears as CVE-2009-1186. There is no available exploit.
Upgrading the affected component is advised.
Details
A vulnerability has been found in udev and classified as problematic. Affected by this vulnerability is the function util_path_encode in the library udev/lib/libudev-util.c. The manipulation with an unknown input leads to a memory corruption vulnerability. The CWE definition for the vulnerability is CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. As an impact it is known to affect availability. The summary by CVE is:
Buffer overflow in the util_path_encode function in udev/lib/libudev-util.c in udev before 1.4.1 allows local users to cause a denial of service (service outage) via vectors that trigger a call with crafted arguments.
The bug was discovered 04/15/2009. The weakness was presented 04/17/2009 by Sebastian Krahmer (Website). It is possible to read the advisory at redhat.com. This vulnerability is known as CVE-2009-1186 since 03/31/2009. The exploitation appears to be easy. Attacking locally is a requirement. The exploitation doesn't need any form of authentication. Technical details of the vulnerability are known, but there is no available exploit.
It is declared as proof-of-concept. The vulnerability was handled as a non-public zero-day exploit for at least 1 days. During that time the estimated underground price was around $0-$5k. The vulnerability scanner Nessus provides a plugin with the ID 36172 (Debian DSA-1772-1 : udev - several vulnerabilities), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Debian Local Security Checks and running in the context l. The commercial vulnerability scanner Qualys is able to test this issue with plugin 165639 (SUSE Enterprise Linux Security Update Udev Local Privilege Escalation (SUSE-SA:2009:020)).
Upgrading to version 1.4.0 eliminates this vulnerability. A possible mitigation has been published even before and not after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at X-Force (49950), Tenable (36172), SecurityFocus (BID 34539†), OSVDB (53811†) and Secunia (SA34731†). See VDB-47802 for similar entry. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Product
Name
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 4.0VulDB Meta Temp Score: 3.6
VulDB Base Score: 4.0
VulDB Temp Score: 3.6
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Memory corruptionCWE: CWE-119
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: No
Availability: 🔍
Status: Proof-of-Concept
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 36172
Nessus Name: Debian DSA-1772-1 : udev - several vulnerabilities
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
OpenVAS ID: 63842
OpenVAS Name: Debian Security Advisory DSA 1772-1 (udev)
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: udev 1.4.0
Timeline
03/31/2009 🔍04/15/2009 🔍
04/15/2009 🔍
04/16/2009 🔍
04/16/2009 🔍
04/16/2009 🔍
04/17/2009 🔍
04/17/2009 🔍
04/17/2009 🔍
04/17/2009 🔍
04/19/2009 🔍
03/17/2015 🔍
09/01/2019 🔍
Sources
Advisory: redhat.comResearcher: Sebastian Krahmer
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2009-1186 (🔍)
GCVE (CVE): GCVE-0-2009-1186
GCVE (VulDB): GCVE-100-47803
OVAL: 🔍
X-Force: 49950
SecurityFocus: 34539 - udev Path Encoding Local Denial of Service Vulnerability
Secunia: 34731
OSVDB: 53811 - udev - Path Encoding Local Denial of Service Issue
SecurityTracker: 1022068
Vulnerability Center: 21620 - Linux Udev < 1.4.4 Crafted Arguments Local DoS Vulnerability, Low
Vupen: ADV-2009-1053
See also: 🔍
Entry
Created: 03/17/2015 23:38Updated: 09/01/2019 18:20
Changes: 03/17/2015 23:38 (83), 09/01/2019 18:20 (4)
Complete: 🔍
Cache ID: 216::103
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.