CVE-2010-0746

Directory traversal vulnerability in DeviceKit-disks in DeviceKit, as used in Fedora 11 and 12 and possibly other operating systems, allows local users to gain privileges via .. (dot dot) sequences in the label for a pluggable storage device.

Published: Jan 13, 2014
Updated: Apr 13, 2023
CVE: CVE-2010-0746
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.2
AV:L/AC:H/Au:N/C:C/I:C/A:C

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
fedoraproject / fedora	11	11.x
fedoraproject / fedora	12	12.x

http://seclists.org/oss-sec/2010/q2/5
http://stealth.openwall.net/xSports/devshit.pl
http://xorl.wordpress.com/2010/04/06/cve-2010-0746-devicekit-local-privilege-escalation/
https://bugs.freedesktop.org/show_bug.cgi?id=23235
https://bugzilla.redhat.com/show_bug.cgi?id=523178

Vulnerability Database

290,301

CVE-2010-0746