udisks: arbitrary code execution (CVE-2014-0004)
Florian Weimer of the Red Hat Product Security Team found a flaw in
the way udisks and udisks2 handled long path names. A malicious, local
user could use this flaw to create a specially crafted directory
structure that could lead to arbitrary code execution with the
privileges of the udisks daemon (root). This has been assigned
This has been fixed in the udisks 2.1.3 and 1.0.5 releases.
(from redmine: issue id 2756, created on 2014-03-11, closed on 2014-03-14)