GLSA Advocate
Joined: 12 May 2004 Posts: 2663
Posted: Sun Nov 12, 2017 11:26 pm Post subject: [ glsa 201711-11 ] vde
Gentoo Linux Security Advisory
Title: VDE: Privilege escalation (GLSA 201711-11)
Severity: normal
Exploitable: local
Date: 2017-11-12
Bug(s): #603382
ID: 201711-11
Synopsis
A vulnerability was discovered in VDE which may allow local users
to gain root privileges.
Background
VDE is an Ethernet-compliant virtual network that can be spawned over a
set of physical computers over the Internet.
Affected Packages
Package: net-misc/vde
Vulnerable: < 2.3.2-r4
Unaffected: >= 2.3.2-r4
Architectures: All supported architectures
Description
It was discovered that Gentoo’s default VDE installation suffered from
a privilege escalation vulnerability in the init script. This script
calls an unsafe ‘chown’ command which gives members of the “qemu”
group root privileges.
Impact
A local attacker could escalate privileges to root.
Workaround
There is no known workaround at this time.
Resolution
All VDE users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/vde-2.3.2-r4"
References
CVE-2017-16638
Last edited by GLSA on Mon Jan 15, 2018 4:17 am; edited 1 time in total
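A check of a net-misc/vde version string against the "Affected Packages" range above, as an added example that is not part of the advisory or of Gentoo's tooling. The function names `ver_lt` and `vde_status` are hypothetical, and the comparison assumes dotted numeric versions with an optional -rN revision only.

```sh
#!/bin/sh
# Added example, not part of the advisory.
FIXED_VDE="2.3.2-r4"   # first unaffected version per GLSA 201711-11

# ver_lt A B: return 0 if A < B, 1 if A >= B, 2 if either is unparseable.
# Assumption: only dotted numeric versions with an optional -rN revision are
# handled; Portage suffixes (_rc, _p, letters) are reported as unparseable.
ver_lt() {
    for v in "$1" "$2"; do
        printf '%s\n' "$v" | grep -Eq '^[0-9]+(\.[0-9]+)*(-r[0-9]+)?$' || return 2
    done
    a_base=${1%-r*}; b_base=${2%-r*}
    a_rev=0; b_rev=0
    case $1 in *-r*) a_rev=${1##*-r} ;; esac
    case $2 in *-r*) b_rev=${2##*-r} ;; esac
    # Compare the dotted components left to right.
    while [ -n "$a_base" ] && [ -n "$b_base" ]; do
        a_n=${a_base%%.*}; b_n=${b_base%%.*}
        case $a_base in *.*) a_base=${a_base#*.} ;; *) a_base= ;; esac
        case $b_base in *.*) b_base=${b_base#*.} ;; *) b_base= ;; esac
        [ "$a_n" -lt "$b_n" ] && return 0
        [ "$a_n" -gt "$b_n" ] && return 1
    done
    # Equal so far: the version with components left over is the newer one.
    [ -z "$a_base" ] && [ -n "$b_base" ] && return 0
    [ -n "$a_base" ] && return 1
    # Same base version: the -rN revision decides (no revision counts as r0).
    [ "$a_rev" -lt "$b_rev" ]
}

# vde_status VERSION: print vulnerable, unaffected or unknown.
vde_status() {
    rc=0
    ver_lt "$1" "$FIXED_VDE" || rc=$?
    case $rc in
        0) echo vulnerable ;;
        1) echo unaffected ;;
        *) echo unknown ;;
    esac
}

# Constructed sample versions; on a real host pass the installed version.
for sample in 2.3.2 2.3.2-r3 2.3.2-r4 2.3.3; do
    printf '%s: %s\n' "$sample" "$(vde_status "$sample")"
done
```

A result of "unknown" means the version string falls outside the assumed format and should be checked by hand against the advisory.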