GLSA Advocate
Joined: 12 May 2004 Posts: 2663
|
Posted: Sun Nov 20, 2011 8:26 pm Post subject: [ GLSA 201111-08 ] radvd: Multiple vulnerabilities |
|
|
Gentoo Linux Security Advisory
Title: radvd: Multiple vulnerabilities (GLSA 201111-08)
Severity: high
Exploitable: local, remote
Date: November 20, 2011
Bug(s): #385967
ID: 201111-08
Synopsis
Multiple vulnerabilities have been found in radvd which could
potentially lead to privilege escalation, data loss, or a Denial of
Service.
Background
radvd is an IPv6 router advertisement daemon for Linux and BSD.
Affected Packages
Package: net-misc/radvd
Vulnerable: < 1.8.2
Unaffected: >= 1.8.2
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in radvd. Please review
the CVE identifiers referenced below for details.
Impact
A remote unauthenticated attacker may be able to gain escalated
privileges, escalate the privileges of the radvd process, overwrite files
with specific names, or cause a Denial of Service. Local attackers may be
able to overwrite the contents of arbitrary files using symlinks.
Workaround
There is no known workaround at this time.
Resolution
All radvd users should upgrade to the latest stable version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/radvd-1.8.2"
|
References
CVE-2011-3601
CVE-2011-3602
CVE-2011-3603
CVE-2011-3604
CVE-2011-3605
Last edited by GLSA on Sun Oct 07, 2012 4:29 am; edited 2 times in total |
|