Bug 379293 (CVE-2011-2910)

Summary:	<media-radio/ax25-tools-0.0.10_rc2-r1: Privilege Escalation (CVE-2011-2910)
Product:	Gentoo Security	Reporter:	Agostino Sarubbo <ago>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	normal	CC:	tomjbe
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	http://www.openwall.com/lists/oss-security/2011/08/10/3
Whiteboard:	~1 [noglsa]
Package list:		Runtime testing required:	---

Description Agostino Sarubbo gentoo-dev

2011-08-15 17:08:01 UTC

The security issue is caused due to the ax25d daemon not properly checking the return value when dropping privileges, which can be exploited to perform certain actions with escalated privileges.

Comment 1 Tim Sammut (RETIRED) gentoo-dev

2011-08-20 03:01:22 UTC

Looks like upstream has a fix in their CVS, but I do not see a new release.

Comment 2 Thomas Beierlein gentoo-dev

2011-08-30 17:00:13 UTC

Thanks for reporting. Fixed by applying the patch from upstream CVS.

+*ax25-tools-0.0.10_rc2-r1 (30 Aug 2011)
+
+  30 Aug 2011; Thomas Beierlein <tomjbe@gentoo.org>
+  +ax25-tools-0.0.10_rc2-r1.ebuild,
+  +files/ax25-tools-0.0.10_rc2-cve-2011-2910.patch, metadata.xml:
+  Fix for CVE-2011-2910. see Bug #379293
+