Posted: Sun Nov 12, 2017 11:26 pm Post subject: [ glsa 201711-11 ] vde
Gentoo Linux Security Advisory
Title: VDE: Privilege escalation (GLSA 201711-11)
A vulnerability was discovered in VDE which may allow local users
to gain root privileges.
VDE is an Ethernet-compliant virtual network that can be spawned over a
set of physical computers over the Internet.
Vulnerable: < 2.3.2-r4
Unaffected: >= 2.3.2-r4
Architectures: All supported architectures
It was discovered that Gentoo’s default VDE installation suffered from
a privilege escalation vulnerability in the init script. This script
calls an unsafe ‘chown’ command which gives members of the “qemu”
group root privileges.
A local attacker could escalate privileges to root.
There is no known workaround at this time.
All VDE users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/vde-2.3.2-r4"
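
To confirm whether a host is still in the affected range before or after upgrading, the following added example (not part of the advisory) compares installed net-misc/vde versions against the fixed version 2.3.2-r4. It assumes the standard Portage package database at /var/db/pkg and versions made of dotted numbers with an optional -rN revision; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: flag net-misc/vde versions in the GLSA 201711-11 range (< 2.3.2-r4).
# Assumption: versions are dotted numbers plus an optional -rN revision
# (no _alpha/_p style suffixes are handled).
FIXED="2.3.2-r4"

# "2.3.2-r4" -> "2.3.2"
ver_base() { printf '%s\n' "${1%-r[0-9]*}"; }

# "2.3.2-r4" -> "4"; a missing revision counts as r0
ver_rev() {
    case "$1" in
        *-r[0-9]*) printf '%s\n' "${1##*-r}" ;;
        *) echo 0 ;;
    esac
}

# Compare two dotted numeric versions; prints -1, 0 or 1.
cmp_dotted() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ -n "$x" ] || x=0
        [ -n "$y" ] || y=0
        if [ "$x" -lt "$y" ]; then echo -1; return 0; fi
        if [ "$x" -gt "$y" ]; then echo 1; return 0; fi
        case "$a" in *.*) a=${a#*.} ;; *) a="" ;; esac
        case "$b" in *.*) b=${b#*.} ;; *) b="" ;; esac
    done
    echo 0
}

# Exit status 0 if the given version is older than $FIXED.
is_vulnerable() {
    c=$(cmp_dotted "$(ver_base "$1")" "$(ver_base "$FIXED")")
    case "$c" in
        -1) return 0 ;;
        1) return 1 ;;
    esac
    [ "$(ver_rev "$1")" -lt "$(ver_rev "$FIXED")" ]
}

# Report every vde version recorded under the given package database root.
check_installed() {
    for d in "$1"/net-misc/vde-[0-9]*; do
        [ -d "$d" ] || continue
        v=${d##*/vde-}
        if is_vulnerable "$v"; then
            echo "net-misc/vde-$v: vulnerable, upgrade to >= $FIXED"
        else
            echo "net-misc/vde-$v: not affected"
        fi
    done
}

check_installed /var/db/pkg
```

On a host without net-misc/vde installed the script prints nothing.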