GLSA-201711-11 : VDE: Privilege escalation
Critical Nessus Plugin ID 104519
Synopsis
The remote Gentoo host is missing one or more security-related patches.
Description
The remote host is affected by the vulnerability described in GLSA-201711-11 (VDE: Privilege escalation)
It was discovered that Gentoo’s default VDE installation suffered from a privilege escalation vulnerability in the init script. This script calls an unsafe ‘chown’ command which gives members of the “qemu” group root privileges.
A local attacker could escalate privileges to root.
There is no known workaround at this time.
Solution
All VDE users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=net-misc/vde-2.3.2-r4'