CVE-2014-0004: Buffer Overflow
First published: Tue Mar 11 2014(Updated: )
Stack-based buffer overflow in udisks before 1.0.5 and 2.x before 2.1.3 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long mount point.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GNOME Disks | <=1.0.4 | |
| GNOME Disks | =1.0 | |
| GNOME Disks | =1.0.1 | |
| GNOME Disks | =2.0.0 | |
| GNOME Disks | =2.0.1 | |
| GNOME Disks | =2.0.90 | |
| GNOME Disks | =2.0.91 | |
| GNOME Disks | =2.0.92 | |
| GNOME Disks | =2.1.0 | |
| GNOME Disks | =2.1.1 | |
| GNOME Disks | =2.1.2 | |
| Ubuntu | =12.04 | |
| Ubuntu | =12.10 | |
| Ubuntu | =13.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.freedesktop.org/archives/devkit-devel/2014-March/001568.html
- http://lists.opensuse.org/opensuse-updates/2014-03/msg00051.html
- http://lists.opensuse.org/opensuse-updates/2014-03/msg00052.html
- http://lists.opensuse.org/opensuse-updates/2014-03/msg00053.html
- http://rhn.redhat.com/errata/RHSA-2014-0293.html
- http://www.debian.org/security/2014/dsa-2872
- http://www.securityfocus.com/bid/66081
- http://www.ubuntu.com/usn/USN-2142-1
Frequently Asked Questions
What is the severity of CVE-2014-0004?
CVE-2014-0004 is classified as a high-severity vulnerability due to its potential to cause denial of service and execute arbitrary code.
How do I fix CVE-2014-0004?
To mitigate CVE-2014-0004, update to UDisks version 1.0.5 or later, or 2.1.3 or later.
Who is affected by CVE-2014-0004?
CVE-2014-0004 affects local users of UDisks versions before 1.0.5 and 2.x before 2.1.3.
What types of attacks are possible with CVE-2014-0004?
CVE-2014-0004 allows attackers to exploit a stack-based buffer overflow to crash the UDisks service or potentially execute arbitrary code.
Is CVE-2014-0004 present in Ubuntu distributions?
Yes, CVE-2014-0004 can be found in various Ubuntu Linux versions including 12.04, 12.10, and 13.10.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/author
- agent/severity
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/freedesktop
- canonical/gnome disks
- version/gnome disks/1.0.4
- version/gnome disks/1.0
- version/gnome disks/1.0.1
- version/gnome disks/2.0.0
- version/gnome disks/2.0.1
- version/gnome disks/2.0.90
- version/gnome disks/2.0.91
- version/gnome disks/2.0.92
- version/gnome disks/2.1.0
- version/gnome disks/2.1.1
- version/gnome disks/2.1.2
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/12.04
- version/ubuntu/12.10
- version/ubuntu/13.10