CVE-2017-16638: net-misc/vde root privilege escalation via OpenRC service script
posted 2017-11-06
- Product
-
Gentoo Linux
net-misc/vde
package
- Versions affected
-
net-misc/vde-2.3.2-r3 and earlier
- Published on
- 2017-11-06
- Fixed in
-
version 2.3.2-r4, commits
487449d
and
26fdd48
- Bug report
-
https://bugs.gentoo.org/603382
- MITRE
-
CVE-2017-16638
- Acknowledgements
-
NP-Hardass, who took over the package and fixed the issue
Summary
The Gentoo net-misc/vde package before version 2.3.2-r4 may allow
members of the qemu group to gain root by creating a hard
link in a directory on which chown is
called recursively by the OpenRC service script.
Details
The full details, exploit, and mitigation are discussed in my
article, End
root chowning now (make /etc/init.d great again).