A vulnerability has been discovered in uptimed which could result in root privilege escalation.
Package | app-misc/uptimed on all architectures |
---|---|
Affected versions | < 0.4.6-r1 |
Unaffected versions | >= 0.4.6-r1 |
uptimed is a system uptime record daemon that keeps track of your highest uptimes.
Via unnecessary file ownership modifications in the pkg_postinst ebuild phase, the uptimed user could change arbitrary files to be owned by the uptimed user at emerge-time.
The uptimed user could achieve root privileges when the uptimed package is emerged.
There is no known workaround at this time.
All uptimed users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-misc/uptimed-0.4.6-r1"
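
A check a defender might run after upgrading, added here as an example and not taken from the advisory or from the Gentoo ebuild: it lists files owned by the uptimed account that lie outside the directories that account is expected to own. The function name and the allow-list arguments are assumptions; the advisory names no paths, so pass the daemon's data directory as used on your system.

```shell
#!/bin/sh
# Added example (not from the advisory): audit for unexpected ownership.
#
# audit_owned_outside USER ROOT [ALLOWED_DIR ...]
#   USER         account name or numeric uid (e.g. uptimed)
#   ROOT         directory tree to scan (e.g. /)
#   ALLOWED_DIR  directories the account may legitimately own; the
#                advisory does not name them, so supply your own.
# Prints one path per line for every entry owned by USER that is not
# inside an allowed directory. Paths containing newlines are not handled.
audit_owned_outside() {
    user=$1
    root=$2
    shift 2
    # find does not follow symlinks by default, so a symlink is judged by
    # its own owner, not the owner of its target. -xdev keeps the scan on
    # one filesystem (avoids /proc, network mounts, and so on).
    find "$root" -xdev -user "$user" -print 2>/dev/null |
    while IFS= read -r path; do
        skip=0
        for allowed in "$@"; do
            case $path in
                "$allowed"|"$allowed"/*) skip=1; break ;;
            esac
        done
        if [ "$skip" -eq 0 ]; then
            printf '%s\n' "$path"
        fi
    done
}

# Typical invocation, as root, with the data directory of your install:
#   audit_owned_outside uptimed / /path/to/uptimed/data
```

Any path printed outside the account's own data should be compared against the package's file list and its ownership restored if it does not belong to the uptimed user.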
Release date
May 03, 2023
Latest revision
May 03, 2023: 1
Severity
high
Exploitable
remote
Bugzilla entries