The Gentoo net-im/jabberd2 package through 2.6.1 sets the ownership of /var/run/jabber to the jabber account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script executes a "kill -TERM `cat /var/run/jabber/filename.pid`" command.
oryginał ENCVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HGentoo Linux
OSGentoowszystkie wersjeJabberd2
APPJabberd2≤ 2.6.1
Powiązane podatności
Heap-based buffer overflow w rsync daemon — zapis poza granicami bufora sum2
JabberD 2.x (aka jabberd2) before 2.6.1 allows anyone to authenticate using SASL ANONYMOUS, even when the sasl...
A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an att...
USBView 2.1 before 2.2 allows some local users (e.g., ones logged in via SSH) to execute arbitrary code as roo...
The Gentoo app-backup/burp package before 2.1.32 has incorrect group ownership of the /etc/burp directory, whi...