HIGH🇬🇧 English

CVE-2017-18284

CVSS 7.1v3.0pub. 2018-06-04upd. 2024-11-21

The Gentoo app-backup/burp package before 2.1.32 sets the ownership of the PID file directory to the burp account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script sends a SIGKILL.

oryginał EN
CVSS Vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
  • Burp Project Burp

    APP
    Burp Project
    < 2.1.32
  • Gentoo Linux

    OS
    Gentoo
    wszystkie wersje
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2024-12084CRITICAL9.8PL ✓ten sam produkt

Heap-based buffer overflow w rsync daemon — zapis poza granicami bufora sum2

CVE-2024-12085HIGH7.5ten sam produkt

A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an att...

CVE-2022-23220HIGH7.8ten sam produkt

USBView 2.1 before 2.2 allows some local users (e.g., ones logged in via SSH) to execute arbitrary code as roo...

CVE-2017-18285HIGH7.1ten sam produkt

The Gentoo app-backup/burp package before 2.1.32 has incorrect group ownership of the /etc/burp directory, whi...

CVE-2017-18225HIGH7.8ten sam produkt

The Gentoo net-im/jabberd2 package through 2.6.1 installs jabberd, jabberd2-c2s, jabberd2-router, jabberd2-s2s...