Login
Start Free Trial
Research Center
CVE-2011-0640 Research Center

CVE-2011-0640

The default configuration of udev on Linux does not warn the user before enabling additional Human Interface Device (HID) functionality over USB, which allows user-assisted attackers to execute arbitrary programs via crafted USB data, as demonstrated by keyboard and mouse data sent by malware on a smartphone that the user connected to the computer.

  • 6.9 high severity

  • AV:L/AC:M/Au:N/C:C/I:C/A:C

  • 25/01/2011

Products 2

Ud

Udev

by Kernel

144 Versions

12 years ago

Ud

Udev

by Udev Project

167 Versions

12 years ago

Operating Systems 1

Li

Linux Kernel

by Linux

3281 Versions

a month ago

Vulnerability Categories 1

Configuration

xTags 2

#exposed_to_RCE_attack
#known_vulnerability

Advisory Links 3

http://news.cnet.com/8301-27080_3-20028919-245.html
http://www.blackhat.com/html/bh-dc-11/bh-dc-11-briefings.html#Stavrou
http://www.cs.gmu.edu/~astavrou/publications.html
http://www.vicarius.io is owned and operated by Vicarius Ltd. (the “Company”). All information contained on the Website is purely for informational, and educational purposes and should be independently verified and confirmed. Vicarius does not accept any liability for any loss or damage whatsoever caused in reliance upon such information or services. No statements or information presented in any form by Vicarius is intended as fact, and you agree that you will not consider the statements or information presented on the Website as fact or as a guarantee of performance.

Related CVEs

Security Research Topics

By John Kilhefner
Aug 18, 2022

Blockchain Security - The New Threat. Part 2.

The conclusion to a two-part series on Blockchain technology and the threats that security practitioners should have top-of-mind. One of blockchain technology’s claims to fame is that it enables trustless interactions between parties... a claim that I'll explain is only "mostly" accurate. Let's explore the threats of blockchain.
By John Kilhefner
Aug 16, 2022

How the Common Vulnerability Scoring System Is Used (And Should You Rely on It?)

The Common Vulnerability Scoring System has been at the center of praise and controversy in the cybersecurity world. Let's separate fact from fiction and discover the merits——and pitfalls——of this system.
By Jenny R
Aug 14, 2022

Session Management Attacks - Part two

This article is the second part of the Session Management topic. The focus is on prevention practices, with one particular example of inactivity timer implementation!
By Wilson Corbett
Aug 12, 2022

Vulnerability Scanners 101: The Basics of Vulnerability Scanning

Storing data on an organization’s network is not an easy feat. Companies want their network as secure as possible, identifying loopholes and weak points to uncover and address vulnerabilities that cyber attackers can exploit. This need for protection is where Vulnerability Scanners enter the picture.
By Kent Weigle
Aug 12, 2022

CISAnalysis 12 August 2022

Zimbra Collaboration is back on CISA's shi... I mean Known Exploited Vulnerabilities Catalog. Today's theme is remote code execution without authentication.
last_chanse_02.png

Start Closing Security Gaps

  • Risk reduction from Day 1
  • Fast set-up and deployment
  • Unified platform
  • Full-featured 30-day trial
Get a Demo
Start Free Trial!