Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 379293 (CVE-2011-2910) - <media-radio/ax25-tools-0.0.10_rc2-r1: Privilege Escalation (CVE-2011-2910)
Summary: <media-radio/ax25-tools-0.0.10_rc2-r1: Privilege Escalation (CVE-2011-2910)
Alias: CVE-2011-2910
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
Whiteboard: ~1 [noglsa]
Depends on:
Reported: 2011-08-15 17:08 UTC by Agostino Sarubbo
Modified: 2011-08-30 17:03 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2011-08-15 17:08:01 UTC
The security issue is caused due to the ax25d daemon not properly checking the return value when dropping privileges, which can be exploited to perform certain actions with escalated privileges.
Comment 1 Tim Sammut (RETIRED) gentoo-dev 2011-08-20 03:01:22 UTC
Looks like upstream has a fix in their CVS, but I do not see a new release.
Comment 2 Thomas Beierlein gentoo-dev 2011-08-30 17:00:13 UTC
Thanks for reporting. Fixed by applying the patch from upstream CVS.

+*ax25-tools-0.0.10_rc2-r1 (30 Aug 2011)
+  30 Aug 2011; Thomas Beierlein <>
+  +ax25-tools-0.0.10_rc2-r1.ebuild,
+  +files/ax25-tools-0.0.10_rc2-cve-2011-2910.patch, metadata.xml:
+  Fix for CVE-2011-2910. see Bug #379293