Vulnerability Name:

CVE-2010-1149 (CCN-57645)

Assigned: 2010-04-06
Published: 2010-04-06
Updated: 2010-04-13
Summary: probers/udisks-dm-export.c in udisks before 1.0.1 exports UDISKS_DM_TARGETS_PARAMS information to udev even for a crypt UDISKS_DM_TARGETS_TYPE, which allows local users to discover encryption keys by (1) running a certain udevadm command or (2) reading a certain file under /dev/.udev/db/.
CVSS v3 Severity: 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): None
Availability (A): None
CVSS v2 Severity: 2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
1.6 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:TF/RC:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
1.6 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:TF/RC:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
Vulnerability Type: CWE-200
Vulnerability Consequences: Obtain Information
References:

Source: CCN
Type: Debian Bug report logs - #576687
udisks - Exports dm table data

Source: CONFIRM
Type: UNKNOWN
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=576687

Source: CCN
Type: udisks GIT Repository
freedesktop.org git repository browser

Source: CONFIRM
Type: UNKNOWN
http://cgit.freedesktop.org/udisks/commit/?id=0fcc7cb3b66f23fac53ae08647aa0007a2bd56c4

Source: MITRE
Type: CNA
CVE-2010-1149

Source: FEDORA
Type: UNKNOWN
FEDORA-2010-6296

Source: CCN
Type: SA39332
udisks Encryption Keys Information Leak

Source: SECUNIA
Type: Vendor Advisory
39332

Source: CCN
Type: OSVDB ID: 63571
udisks probers/udisks-dm-export.c udev Encryption Key Disclosure

Source: BID
Type: UNKNOWN
39265

Source: CCN
Type: BID-39265
udisks 'probers/udisks-dm-export.c' Local Information Disclosure Vulnerability

Source: CONFIRM
Type: UNKNOWN
https://bugs.freedesktop.org/show_bug.cgi?id=27494

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.novell.com/show_bug.cgi?id=594261

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=580005

Source: XF
Type: UNKNOWN
udisks-udev-info-disclosure(57645)

Source: CONFIRM
Type: UNKNOWN
https://launchpad.net/bugs/556651

Vulnerable Configuration: Configuration 1:
  • cpe:/a:freedesktop:udisks:*:*:*:*:*:*:*:* (Version <= 1.0)

  * Denotes that component is vulnerable

Oval Definitions
Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:113550 | P | udisks-1.0.5-5.10 on GA media (Moderate) | 2022-01-17
oval:org.opensuse.security:def:106941 | P | udisks-1.0.5-5.10 on GA media (Moderate) | 2021-10-01
    freedesktop udisks *