Arbitrary Unmount Operations Vulnerability in usb-creator-helper

Arbitrary Unmount Operations Vulnerability in usb-creator-helper

CVE-2011-1828 · LOW Severity

AV:L/AC:L/AU:N/C:N/I:P/A:N

usb-creator-helper in usb-creator before 0.2.28.3 does not enforce intended PolicyKit restrictions, which allows local users to perform arbitrary unmount operations via the UnmountFile method in a dbus-send command.

Learn more about our User Device Pen Test.