Bug 379293 (CVE-2011-2910) - <media-radio/ax25-tools-0.0.10_rc2-r1: Privilege Escalation (CVE-2011-2910)
Summary: <media-radio/ax25-tools-0.0.10_rc2-r1: Privilege Escalation (CVE-2011-2910)
Status: RESOLVED FIXED
Alias: CVE-2011-2910
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: http://www.openwall.com/lists/oss-sec...
Whiteboard: ~1 [noglsa]
Reported: 2011-08-15 17:08 UTC by Agostino Sarubbo
Modified: 2011-08-30 17:03 UTC

Description Agostino Sarubbo gentoo-dev 2011-08-15 17:08:01 UTC
The security issue is caused due to the ax25d daemon not properly checking the return value when dropping privileges, which can be exploited to perform certain actions with escalated privileges.
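
The class of bug described above, as an added example that is not ax25d's code or the upstream patch: a privilege drop whose return value is ignored lets the handler keep running as root when `setuid()` fails, while the checked form refuses to continue. The names `priv_ops`, `failing_ops`, `drop_unchecked`, `drop_checked` and `handler_euid` are hypothetical, and uid/gid 1000 and the simulated `EAGAIN` failure are constructed values.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Privilege calls are injectable so a failed setuid() can be simulated. */
struct priv_ops {
    int (*set_gid)(gid_t);
    int (*set_uid)(uid_t);
    uid_t (*get_euid)(void);
};

/* Constructed failure case: setuid() returns -1 and the process stays root. */
static int fail_setuid(uid_t uid) { (void)uid; errno = EAGAIN; return -1; }
static int ok_setgid(gid_t gid) { (void)gid; return 0; }
static uid_t still_root(void) { return 0; }
const struct priv_ops failing_ops = { ok_setgid, fail_setuid, still_root };
const struct priv_ops real_ops = { setgid, setuid, geteuid }; /* production binding */

/* Unchecked pattern: return values are ignored, caller always sees success. */
int drop_unchecked(const struct priv_ops *ops, uid_t uid, gid_t gid)
{
    ops->set_gid(gid);
    ops->set_uid(uid);
    return 0;
}

/* Checked pattern: group first, then user, then confirm the new identity. */
int drop_checked(const struct priv_ops *ops, uid_t uid, gid_t gid)
{
    if (ops->set_gid(gid) != 0 || ops->set_uid(uid) != 0)
        return -1;
    return ops->get_euid() == uid ? 0 : -1;
}

/* euid the service handler would run under, or -1 if startup is refused. */
long handler_euid(int (*drop)(const struct priv_ops *, uid_t, gid_t),
                  const struct priv_ops *ops, uid_t uid, gid_t gid)
{
    return drop(ops, uid, gid) != 0 ? -1 : (long)ops->get_euid();
}

int main(void)
{
    printf("unchecked: handler euid %ld\n", handler_euid(drop_unchecked, &failing_ops, 1000, 1000));
    printf("checked:   handler euid %ld\n", handler_euid(drop_checked, &failing_ops, 1000, 1000));
    return 0;
}
```

A real daemon would also clear supplementary groups before `setgid()`, which this example leaves out to stay on the return-value check.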
Comment 1 Tim Sammut (RETIRED) gentoo-dev 2011-08-20 03:01:22 UTC
Looks like upstream has a fix in their CVS, but I do not see a new release.
Comment 2 Thomas Beierlein gentoo-dev 2011-08-30 17:00:13 UTC
Thanks for reporting. Fixed by applying the patch from upstream CVS.

+*ax25-tools-0.0.10_rc2-r1 (30 Aug 2011)
+
+  30 Aug 2011; Thomas Beierlein <tomjbe@gentoo.org>
+  +ax25-tools-0.0.10_rc2-r1.ebuild,
+  +files/ax25-tools-0.0.10_rc2-cve-2011-2910.patch, metadata.xml:
+  Fix for CVE-2011-2910. see Bug #379293
+