1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
|
Candidate: CVE-2011-3603
PublicDate: 2014-04-27
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3603
http://www.openwall.com/lists/oss-security/2011/10/06/3
Description:
The router advertisement daemon (radvd) before 1.8.2 does not properly
handle errors in the privsep_init function, which causes the radvd daemon
to run as root and has an unspecified impact.
Ubuntu-Description:
Notes:
mdeslaur> it turns out this had no security impact after all, and the
mdeslaur> CVE number got rejected. We've fixed the issue anyway, but
mdeslaur> won't mention it in the USN
Bugs:
Priority: medium
Discovered-by: Vasiliy Kulikov
Assigned-to: mdeslaur
Patches_radvd:
upstream: https://github.com/reubenhwk/radvd/commit/2c50375043186e133f15135f4c93ca964238ee60
upstream: https://github.com/reubenhwk/radvd/commit/074816cd0b37aac7b3209987e6e998f0a847b275
upstream: https://github.com/reubenhwk/radvd/commit/7dc53cc3b792775369bf0b2f053a3f4ed5d87e3d
upstream_radvd: released (1.8.2)
hardy_radvd: ignored (reached end-of-life)
lucid_radvd: released (1:1.3-1.1ubuntu0.1)
maverick_radvd: released (1:1.6-1ubuntu0.1)
natty_radvd: released (1:1.7-1ubuntu0.1)
oneiric_radvd: released (1:1.8-1ubuntu0.1)
devel_radvd: not-affected (1:1.8-1.2)
|