CVE-2011-3603 — Improper Input Validation in Router Advertisement Daemon

CWE-20 — Improper Input Validation5 documents5 sources

Severity

4.4MEDIUMNVD

EPSS

0.1%

top 80.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Litech Router Advertisement Daemon

Timeline

PublishedApr 27

Latest updateMay 17

Description

The router advertisement daemon (radvd) before 1.8.2 does not properly handle errors in the privsep_init function, which causes the radvd daemon to run as root and has an unspecified impact.

CVSS vector

AV:L/AC:M/C:P/I:P/A:PExploitability: 3.4 | Impact: 6.4

Affected Packages1 packages

▶NVDlitech/router_advertisement_daemon1.8.1

🔴Vulnerability Details

GHSA

GHSA-5m4v-m59g-55c2: The router advertisement daemon (radvd) before 1↗2022-05-17

▶

CVEList

CVE-2011-3603: The router advertisement daemon (radvd) before 1↗2014-04-27

▶

📋Vendor Advisories

Red Hat

radvd: daemon would not fail on privsep_init() causing it to run with full root privileges↗2011-10-04

▶

💬Community

Bugzilla

CVE-2011-3603 radvd: daemon would not fail on privsep_init() causing it to run with full root privileges↗2011-10-05

▶