CVE-2017-18284

Published: Jun 4, 2018Modified: Nov 21, 2024

7.1

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Exploitability: 1.8 / Impact: 5.2

Source: NVD

Description

The Gentoo app-backup/burp package before 2.1.32 sets the ownership of the PID file directory to the burp account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script sends a SIGKILL.

Affected (1)

Products: Burp Project: Burp

1 product

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Burp Project Burp	Before 2.1.32

Running on/with	Platform Versions
Gentoo Linux	All versions

Related CWEs

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (4)

https://bugs.gentoo.org/628770

Source: cve@mitre.org

Issue TrackingThird Party Advisory

https://security.gentoo.org/glsa/201806-03

Source: cve@mitre.org

Vendor Advisory

https://bugs.gentoo.org/628770

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://security.gentoo.org/glsa/201806-03

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.