[Bug 1288226] Re: buffer overflow with long path names

Martin Pitt martin.pitt at ubuntu.com
Mon Mar 10 09:29:35 UTC 2014 

This is public now. I removed the attached patches; they were valid, but
had a wrong attribution (the original patch was from David Zeuthen). I
put links to the official upstream patches into the description.

** Description changed:

  EMBARGOED until 2014-03-10
+ PUBLISHED now: http://lists.freedesktop.org/archives/devkit-devel/2014-March/001568.html
  
  Florian Weimer of the Red Hat Product Security Team found a flaw in the
  way udisks and udisks2 handled long path names. A malicious, local user
  could use this flaw to create a specially-crafted directory structure
  that could lead to arbitrary code execution with the privileges of the
  udisks daemon (root).
  
  Huzaifa Sidhpurwala created a proposed patch. I don't like the changing
  from PATH_MAX to 4096, but it looks good otherwise.
  
  I'll handle the upstream bits, Debian and Ubuntu trusty updates and
  discuss the PATH_MAX issue.
+ 
+ Upstream fix for udisks 2: http://cgit.freedesktop.org/udisks/commit/?id=244967
+ Upstream fix for udisks 1: http://cgit.freedesktop.org/udisks/commit/?h=udisks1&id=ebf61ed8471

** Patch removed: "improved udisks2 patch"
   https://bugs.launchpad.net/ubuntu/+source/udisks/+bug/1288226/+attachment/4008467/+files/udisks2.patch

** Patch removed: "fixed backported patch for udisks 1"
   https://bugs.launchpad.net/ubuntu/+source/udisks/+bug/1288226/+attachment/4008468/+files/udisks1.patch

** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to udisks in Ubuntu.
https://bugs.launchpad.net/bugs/1288226

Title:
  buffer overflow with long path names

Status in “udisks” package in Ubuntu:
  In Progress
Status in “udisks2” package in Ubuntu:
  In Progress
Status in “udisks” source package in Lucid:
  Won't Fix
Status in “udisks” source package in Precise:
  New
Status in “udisks” source package in Quantal:
  New
Status in “udisks2” source package in Quantal:
  New
Status in “udisks” source package in Saucy:
  New
Status in “udisks2” source package in Saucy:
  New
Status in “udisks” source package in Trusty:
  In Progress
Status in “udisks2” source package in Trusty:
  In Progress

Bug description:
  EMBARGOED until 2014-03-10
  PUBLISHED now: http://lists.freedesktop.org/archives/devkit-devel/2014-March/001568.html

  Florian Weimer of the Red Hat Product Security Team found a flaw in
  the way udisks and udisks2 handled long path names. A malicious, local
  user could use this flaw to create a specially-crafted directory
  structure that could lead to arbitrary code execution with the
  privileges of the udisks daemon (root).

  Huzaifa Sidhpurwala created a proposed patch. I don't like the
  changing from PATH_MAX to 4096, but it looks good otherwise.

  I'll handle the upstream bits, Debian and Ubuntu trusty updates and
  discuss the PATH_MAX issue.

  Upstream fix for udisks 2: http://cgit.freedesktop.org/udisks/commit/?id=244967
  Upstream fix for udisks 1: http://cgit.freedesktop.org/udisks/commit/?h=udisks1&id=ebf61ed8471

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/udisks/+bug/1288226/+subscriptions

More information about the foundations-bugs mailing list