Zero-friction vulnerability management platform

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

CentOS Update for libvolume_id-095 CESA-2009:0427 centos5 i386

Information

Severity

Severity

High

Family

Family

CentOS Local Security Checks

CVSSv2 Base

CVSSv2 Base

7.2

CVSSv2 Vector

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Solution Type

Solution Type

Vendor Patch

Created

Created

11 years ago

Modified

Modified

3 years ago

Summary

The remote host is missing an update for the 'libvolume_id-095' package(s) announced via the referenced advisory.

Insight

Insight

udev provides a user-space API and implements a dynamic device directory, providing only the devices present on the system. udev replaces devfs in order to provide greater hot plug functionality. Netlink is a datagram oriented service, used to transfer information between kernel modules and user-space processes. It was discovered that udev did not properly check the origin of Netlink messages. A local attacker could use this flaw to gain root privileges via a crafted Netlink message sent to udev, causing it to create a world-writable block device file for an existing system block device (for example, the root file system). (CVE-2009-1185) Red Hat would like to thank Sebastian Krahmer of the SUSE Security Team for responsibly reporting this flaw. Users of udev are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the udevd daemon will be restarted automatically.

Affected Software

Affected Software

libvolume_id-095 on CentOS 5

Solution

Solution

Please install the updated packages.

Common Vulnerabilities and Exposures (CVE)