4 matches found
CVE-2009-1185
CVE-2009-1185 affects udev before 1.4.1, which does not verify NETLINK message origin from kernel space, enabling a local user to gain privileges by sending a crafted NETLINK message. Public references show PoC/exploit activity (e.g., Metasploit module, Exploit-DB entries) and multiple advisories...
CVE-2009-1186
CVE-2009-1186 affects udev prior to version 1.4.1, where a buffer overflow in util_path_encode in udev/lib/libudev-util.c can be triggered by crafted arguments, enabling a local denial of service. Public reports tie this with the same issue as CVE-2009-1185/1186; multiple advisories (Mandriva, Ma...
CVE-2011-0640
CVE-2011-0640 concerns the default udev configuration on Linux, which does not warn before enabling HID functionality over USB. This can let user-assisted attackers run arbitrary code via crafted USB input (e.g., keyboard/mouse data from aスマートフォン-connected device), as documented by multiple sourc...
CVE-2010-4176
CVE-2010-4176 describes a permission issue in plymouth-pretrigger.sh used by dracut/udev on Fedora 13 and 14. The script sets weak permissions on the /dev/systty device file, enabling remote authenticated users to read terminal data from tty0 for local users. Connected sources (OSV/OpenVAS/CVE re...