michael orlitzky

CVE-2017-16638: net-misc/vde root privilege escalation via OpenRC service script

Product: Gentoo Linux net-misc/vde package
Versions affected: net-misc/vde-2.3.2-r3 and earlier
Published on: 2017-11-06
Author: Michael Orlitzky
Fixed in: version 2.3.2-r4, commits 487449d and 26fdd48
Bug report: https://bugs.gentoo.org/603382
MITRE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-xxxxx
Acknowledgements: NP-Hardass, who took over the package and fixed the issue

Summary

The Gentoo net-misc/vde package before version 2.3.2-r4 may allow members of the qemu group to gain root by creating a hard link in a directory on which chown is called recursively by the OpenRC service script.
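
An audit helper for the pattern described above, added here as an example (it is not code from the advisory, the package, or the linked article): it lists every service-script line that calls chown recursively so the target directory of each can be checked for write access by non-root users. The function names, sample scripts, and /run/example-* paths are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): list recursive chown calls in
# service scripts so each target directory can be reviewed by hand.

# find_recursive_chown DIR
# Prints "path:line: text" for every non-comment line of every regular file
# in DIR that runs chown with -R (alone or bundled, e.g. -hR) or --recursive.
find_recursive_chown() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        awk -v file="$f" '
            /^[ \t]*#/ { next }                       # ignore comment lines
            {
                hit = 0
                nc = split($0, cmd, /[;|&]+/)         # one entry per simple command
                for (c = 1; c <= nc; c++) {
                    n = split(cmd[c], w, /[ \t]+/)
                    for (i = 1; i <= n; i++) {
                        if (w[i] != "chown" && w[i] !~ /\/chown$/) continue
                        # GNU chown accepts options after operands, so scan them all
                        for (j = i + 1; j <= n; j++)
                            if (w[j] == "--recursive" || w[j] ~ /^-[A-Za-z]*R[A-Za-z]*$/)
                                hit = 1
                    }
                }
                if (hit) printf "%s:%d: %s\n", file, FNR, $0
            }
        ' "$f"
    done
}

# write_sample_scripts DIR: constructed service scripts for demonstration only.
write_sample_scripts() {
    cat > "$1/example-a" <<'EOF'
#!/sbin/openrc-run
# chown -R in a comment is ignored
start_pre() {
	mkdir -p /run/example-a && chown -R :qemu /run/example-a
}
EOF
    printf 'start_pre() {\n\tchown root:qemu /run/example-b; ls -R /run/example-b\n}\n' \
        > "$1/example-b"
}

# Demo: scan the constructed scripts; on a real system pass /etc/init.d.
sample_dir=$(mktemp -d)
write_sample_scripts "$sample_dir"
find_recursive_chown "$sample_dir"
rm -rf "$sample_dir"
```

Only example-a line 4 is reported; a hit is a prompt for review of who can write to the target directory, not proof of a vulnerability.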

Details

The full details, exploit, and mitigation are discussed in my article, "End root chowning now (make /etc/init.d great again)".