radvd: Multiple vulnerabilities — GLSA 201111-08

Multiple vulnerabilities have been found in radvd which could potentially lead to privilege escalation, data loss, or a Denial of Service.

Affected Packages

net-misc/radvd on all architectures
Affected versions < 1.8.2
Unaffected versions >= 1.8.2

Background

radvd is an IPv6 router advertisement daemon for Linux and BSD.

Description

Multiple vulnerabilities have been discovered in radvd. Please review the CVE identifiers referenced below for details.

Impact

A remote unauthenticated attacker may be able to gain escalated privileges, escalate the privileges of the radvd process, overwrite files with specific names, or cause a Denial of Service. Local attackers may be able to overwrite the contents of arbitrary files using symlinks.

Workaround

There is no known workaround at this time.

Resolution

All radvd users should upgrade to the latest stable version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-misc/radvd-1.8.2"
 

References

Release Date
November 20, 2011

Latest Revision
November 20, 2011: 1

Severity
high

Exploitable
local, remote

Bugzilla entries