Vulnerability Description
Directory traversal vulnerability in DeviceKit-disks in DeviceKit, as used in Fedora 11 and 12 and possibly other operating systems, allows local users to gain privileges via .. (dot dot) sequences in the label for a pluggable storage device.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fedoraproject | Fedora | 11 |
Related Weaknesses (CWE)
References
- http://seclists.org/oss-sec/2010/q2/5
- http://stealth.openwall.net/xSports/devshit.plExploit
- http://xorl.wordpress.com/2010/04/06/cve-2010-0746-devicekit-local-privilege-escExploitPatch
- https://bugs.freedesktop.org/show_bug.cgi?id=23235
- https://bugzilla.redhat.com/show_bug.cgi?id=523178
- http://seclists.org/oss-sec/2010/q2/5
- http://stealth.openwall.net/xSports/devshit.plExploit
- http://xorl.wordpress.com/2010/04/06/cve-2010-0746-devicekit-local-privilege-escExploitPatch
- https://bugs.freedesktop.org/show_bug.cgi?id=23235
- https://bugzilla.redhat.com/show_bug.cgi?id=523178
FAQ
What is CVE-2010-0746?
CVE-2010-0746 is a vulnerability with a CVSS score of 6.2 (MEDIUM). Directory traversal vulnerability in DeviceKit-disks in DeviceKit, as used in Fedora 11 and 12 and possibly other operating systems, allows local users to gain privileges via .. (dot dot) sequences in...
How severe is CVE-2010-0746?
CVE-2010-0746 has been rated MEDIUM with a CVSS base score of 6.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-0746?
Check the references section above for vendor advisories and patch information. Affected products include: Fedoraproject Fedora.