MEDIUM🇬🇧 English

CVE-2017-18226

CVSS 5.5v3.0pub. 2018-03-12upd. 2024-11-21

The Gentoo net-im/jabberd2 package through 2.6.1 sets the ownership of /var/run/jabber to the jabber account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script executes a "kill -TERM `cat /var/run/jabber/filename.pid`" command.

oryginał EN
CVSS Vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • Gentoo Linux

    OS
    Gentoo
    wszystkie wersje
  • Jabberd2

    APP
    Jabberd2
    ≤ 2.6.1
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2024-12084CRITICAL9.8PL ✓ten sam produkt

Heap-based buffer overflow w rsync daemon — zapis poza granicami bufora sum2

CVE-2017-10807CRITICAL9.8ten sam produkt

JabberD 2.x (aka jabberd2) before 2.6.1 allows anyone to authenticate using SASL ANONYMOUS, even when the sasl...

CVE-2024-12085HIGH7.5ten sam produkt

A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an att...

CVE-2022-23220HIGH7.8ten sam produkt

USBView 2.1 before 2.2 allows some local users (e.g., ones logged in via SSH) to execute arbitrary code as roo...

CVE-2017-18285HIGH7.1ten sam produkt

The Gentoo app-backup/burp package before 2.1.32 has incorrect group ownership of the /etc/burp directory, whi...

CVE-2017-18226 — MEDIUM 5.5 | CVEbaza.pl