hesiod: Root privilege escalation — GLSA 201805-01

A vulnerability was discovered in hesiod which may allow remote attackers to gain root privileges.

Affected Packages

net-dns/hesiod on all architectures
Affected versions <= 3.1.0
Unaffected versions

Background

DNS functionality to access to DB of information that changes infrequently.

Description

Multiple vulnerabilities have been discovered in hesiod that have remained unaddressed. Please review the referenced CVE identifiers for details.

Impact

A remote or local attacker may be able to escalate privileges to root.

Workaround

There is no known workaround at this time.

Resolution

Gentoo has discontinued support for hesiod and recommends that users unmerge the package:

 # emerge --unmerge "net-dns/hesiod"
 

References

Release Date
May 02, 2018

Latest Revision
May 02, 2018: 1

Severity
normal

Exploitable
local, remote

Bugzilla entries