# Weak SUID check allowing privilege elevation

Hesiod unsafely checks EUID vs UID in a few places, consulting environment variables for configuration if they match. This could be used for privilege elevation under some circumstances. The fix uses secure_getenv() in place of getenv().

Upstream bug: https://github.com/achernya/hesiod/pull/9
Upstream patch: https://github.com/achernya/hesiod/commit/39b21dac9bc6473365de04d94be0da94941c7c73

# Use of hard-coded DNS domain if configuration file cannot be read

If opening the configuration file fails, hesiod falls back on a default domain ".athena.mit.edu" to retrieve managed information. A local attacker with the opportunity to poison DNS cache could potentially elevate their privileges to root by causing fopen() to fail.

Upstream bug: https://github.com/achernya/hesiod/pull/10
Upstream patch: https://github.com/achernya/hesiod/commit/247e2ce1f2aff40040657acaae7f1a1d673d6618
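
The difference between the EUID-vs-UID check and secure_getenv() described in the report above, as an added example that is not part of the original report and is not hesiod's own code. The variable name `EXAMPLE_HESIOD_CONFIG` and the path `/etc/example.conf` are constructed for illustration.

```c
#define _GNU_SOURCE           /* exposes secure_getenv() in glibc >= 2.17 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Explicit prototype so the example still builds if feature-test macros
 * were already fixed by an earlier include. */
char *secure_getenv(const char *name);

/* Constructed names, used only for this example. */
#define CONF_ENV     "EXAMPLE_HESIOD_CONFIG"
#define CONF_DEFAULT "/etc/example.conf"

/* Weak pattern: trust the environment whenever the real and effective
 * UIDs match. This misses set-group-ID binaries, binaries with file
 * capabilities, and set-user-ID programs that already called setuid()
 * so that both IDs are equal. */
const char *config_path_weak(void)
{
    const char *p = NULL;
    if (getuid() == geteuid())
        p = getenv(CONF_ENV);
    return p ? p : CONF_DEFAULT;
}

/* Hardened pattern: secure_getenv() returns NULL whenever the exec was
 * flagged "secure" (AT_SECURE), which covers set-user-ID, set-group-ID
 * and file capabilities, regardless of later setuid() calls. */
const char *config_path_hardened(void)
{
    const char *p = secure_getenv(CONF_ENV);
    return p ? p : CONF_DEFAULT;
}

/* Non-zero when the weak check would honour an environment value that
 * the hardened lookup ignores. */
int env_trust_differs(void)
{
    return strcmp(config_path_weak(), config_path_hardened()) != 0;
}

int main(void)
{
    printf("uid=%ld euid=%ld\n", (long)getuid(), (long)geteuid());
    printf("weak:     %s\n", config_path_weak());
    printf("hardened: %s\n", config_path_hardened());
    return env_trust_differs();
}
```

In an ordinary unprivileged process both functions return the same path; they diverge only when the binary runs with elevated privileges that the UID comparison does not detect.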
CC'ing TreeCleaner project: Package has no maintainer, latest upstream release from 2013. It has some dependencies on hesiod USE flag. Let's see what comes first, a patched ebuild or the cleaners.
removed
This issue was resolved and addressed in GLSA 201805-01 at https://security.gentoo.org/glsa/201805-01 by GLSA coordinator Aaron Bauman (b-man).