MidnightBSD

Advisories for evan_dandrea

CVE-2011-1828 LOW

usb-creator-helper in usb-creator before 0.2.28.3 does not enforce intended PolicyKit restrictions, which allows local users to perform arbitrary unmount operations via the UnmountFile method in a dbus-send command.

CVSS 2.0

Severity: LOW

Problem Type: CWE-264,

Products Affected

Vendor Product Version
evan_dandrea usb-creator 0.2.9
evan_dandrea usb-creator 0.2.1
evan_dandrea usb-creator 0.1.4
evan_dandrea usb-creator 0.2.27
evan_dandrea usb-creator 0.1.3
evan_dandrea usb-creator 0.2.5
evan_dandrea usb-creator 0.2.17
evan_dandrea usb-creator 0.2.20
evan_dandrea usb-creator 0.2.18
evan_dandrea usb-creator 0.1.7
evan_dandrea usb-creator 0.2.2
evan_dandrea usb-creator 0.2.4
evan_dandrea usb-creator 0.2.19
evan_dandrea usb-creator *
evan_dandrea usb-creator 0.2.25
evan_dandrea usb-creator 0.1.9
evan_dandrea usb-creator 0.1.1
evan_dandrea usb-creator 0.2.26
evan_dandrea usb-creator 0.1.5
evan_dandrea usb-creator 0.1.12
evan_dandrea usb-creator 0.2.11
evan_dandrea usb-creator 0.1.8
evan_dandrea usb-creator 0.2.8
evan_dandrea usb-creator 0.2.12
evan_dandrea usb-creator 0.2.24
evan_dandrea usb-creator 0.1.11
evan_dandrea usb-creator 0.2.10
evan_dandrea usb-creator 0.2.16
evan_dandrea usb-creator 0.1.16
evan_dandrea usb-creator 0.2.23
evan_dandrea usb-creator 0.2.15
evan_dandrea usb-creator 0.2.14
evan_dandrea usb-creator 0.2.6
evan_dandrea usb-creator 0.1
evan_dandrea usb-creator 0.2.22
evan_dandrea usb-creator 0.1.6
evan_dandrea usb-creator 0.2.3
evan_dandrea usb-creator 0.1.10
evan_dandrea usb-creator 0.1.15
evan_dandrea usb-creator 0.2.0
evan_dandrea usb-creator 0.2.21
evan_dandrea usb-creator 0.1.2
evan_dandrea usb-creator 0.2.7
evan_dandrea usb-creator 0.1.13
evan_dandrea usb-creator 0.1.14
evan_dandrea usb-creator 0.2.13
CVE-2013-1063 MEDIUM

usb-creator 0.2.47 before 0.2.47.1, 0.2.40 before 0.2.40ubuntu2, and 0.2.38 before 0.2.38.2 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
canonical ubuntu_linux 12.04
canonical ubuntu_linux 13.10
canonical ubuntu_linux 12.10
evan_dandrea usb-creator 0.2.47
evan_dandrea usb-creator 0.2.40
evan_dandrea usb-creator 0.2.38
evan_dandrea usb-creator 0.2.38.1