A failure in privsep_init() does not cause radvd to run with full root privileges when invoked with the --username option specifying an unprivileged user. Rather it will run as a single process as the specified (unprivileged) radvd user, causing this issue to have no security impact (no unintended privilege elevation).
CVSS v2 metrics
NOTE: The following CVSS v2 metrics and score provided are preliminary and subject to review.
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Affected Packages State
|Red Hat Enterprise Linux 6||radvd||Not affected|
|Red Hat Enterprise Linux 5||radvd||Not affected|
|Red Hat Enterprise Linux 4||radvd||Not affected|
AcknowledgementsRed Hat would like to thank Vasiliy Kulikov of Openwall for reporting this issue.
CVE description copyright © 2017, The MITRE Corporation