Vulnerability Description
Stack-based buffer overflow in udisks before 1.0.5 and 2.x before 2.1.3 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long mount point.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Freedesktop | Udisks | <= 1.0.4 |
| Canonical | Ubuntu Linux | 12.04 |
Related Weaknesses (CWE)
References
- http://lists.freedesktop.org/archives/devkit-devel/2014-March/001568.html (Patch)
- http://lists.opensuse.org/opensuse-updates/2014-03/msg00051.html
- http://lists.opensuse.org/opensuse-updates/2014-03/msg00052.html
- http://lists.opensuse.org/opensuse-updates/2014-03/msg00053.html
- http://rhn.redhat.com/errata/RHSA-2014-0293.html
- http://www.debian.org/security/2014/dsa-2872
- http://www.securityfocus.com/bid/66081
- http://www.ubuntu.com/usn/USN-2142-1
FAQ
What is CVE-2014-0004?
CVE-2014-0004 is a vulnerability with a CVSS score of 6.9 (MEDIUM). Stack-based buffer overflow in udisks before 1.0.5 and 2.x before 2.1.3 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long mount point.
How severe is CVE-2014-0004?
CVE-2014-0004 has been rated MEDIUM with a CVSS base score of 6.9/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2014-0004?
Check the references section above for vendor advisories and patch information. Affected products include: Freedesktop Udisks, Canonical Ubuntu Linux.