CVE-2017-18240

Published: Mar 19, 2018Modified: Nov 21, 2024

5.5

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

The Gentoo app-admin/collectd package before 5.7.2-r1 sets the ownership of PID file directory to the collectd account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script sends a SIGKILL (when the service is stopped).

Affected (2)

Products: Collectd: Collectd

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Collectd Collectd	Up to 5.7.2

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Collectd Collectd	Version 5.7.2 r1

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (6)

http://www.securityfocus.com/bid/103469

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://bugs.gentoo.org/628540

Source: cve@mitre.org

Issue TrackingVendor Advisory

https://security.gentoo.org/glsa/201803-10

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/bid/103469

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://bugs.gentoo.org/628540

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

https://security.gentoo.org/glsa/201803-10

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.