Scientific Linux Security Update : udev on SL5.x i386/x86_64
High Nessus Plugin ID 60570
SynopsisThe remote Scientific Linux host is missing one or more security updates.
DescriptionIt was discovered that udev did not properly check the origin of Netlink messages. A local attacker could use this flaw to gain root privileges via a crafted Netlink message sent to udev, causing it to create a world-writable block device file for an existing system block device (for example, the root file system). (CVE-2009-1185)
After installing the update, the udevd daemon will be restarted automatically.
SolutionUpdate the affected libvolume_id, libvolume_id-devel and / or udev packages.