Facter: Privilege escalation

An untrusted search path vulnerability in Facter could lead to local privilege escalation.

facter December 26, 2014 December 26, 2014: 1 514476 local 1.7.6 1.7.6

Facter is a cross-platform Ruby library for retrieving facts from operating systems.

Facter includes the current working directory in the search path.

A local attacker may be able to gain escalated privileges.
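
An added example, not part of the advisory and not Facter's code: a Ruby audit that flags search path entries whose meaning depends on the current working directory, the condition described above. The advisory does not say which search path is affected, so checking Ruby's `$LOAD_PATH` and the `PATH` variable is an assumption; the function names and the sample entries are hypothetical and constructed for illustration.

```ruby
require 'pathname'

# Added example, not Facter's code. Function names are hypothetical.

# Split a PATH-style string. The -1 limit keeps trailing empty fields,
# which a plain split silently drops ("a:b:" has an empty last entry).
def split_search_path(str)
  str.to_s.split(File::PATH_SEPARATOR, -1)
end

# Return the entries whose meaning depends on the current working directory:
# empty entries (read as the current directory in PATH-style lists) and
# relative entries such as "." or "lib".
def cwd_dependent_entries(entries)
  findings = entries.each_with_index.map do |entry, index|
    text = entry.to_s
    reason =
      if text.empty?
        'empty entry, read as the current directory'
      elsif Pathname.new(text).relative?
        'relative entry, resolved against the current directory'
      end
    { index: index, entry: text, reason: reason } if reason
  end
  findings.compact
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample: entries 1, 2, 3 and 5 depend on the working directory.
  sample = ['/usr/bin', '', '.', 'lib', '/usr/lib/ruby', ''].join(File::PATH_SEPARATOR)
  { 'sample' => split_search_path(sample),
    '$LOAD_PATH' => $LOAD_PATH,
    'PATH' => split_search_path(ENV['PATH']) }.each do |name, entries|
    cwd_dependent_entries(entries).each do |f|
      puts "#{name}[#{f[:index]}] #{f[:entry].inspect}: #{f[:reason]}"
    end
  end
end
```

Any line printed for `$LOAD_PATH` or `PATH` marks an entry that resolves differently depending on the directory the process was started from.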

There is no known workaround at this time.

All Facter users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-ruby/facter-1.7.6"

CVE-2014-3248

BlueKnight ackle