The init script in the Gentoo app-admin/logstash-bin package before 5.5.3 and 5.6.x before 5.6.1 has "chown -R" calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to a $LS_USER account for creation of a hard link.
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HElasticsearch Logstash
APPElasticsearch5.0.05.0.15.0.25.1.15.1.25.2.05.2.15.3.05.3.15.3.25.4.15.4.25.4.35.5.05.5.1+ 2 więcejGentoo Linux
OSGentoowszystkie wersje
Related vulnerabilities
Heap-based buffer overflow w rsync daemon — zapis poza granicami bufora sum2
A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an att...
USBView 2.1 before 2.2 allows some local users (e.g., ones logged in via SSH) to execute arbitrary code as roo...
The Gentoo app-backup/burp package before 2.1.32 has incorrect group ownership of the /etc/burp directory, whi...
The Gentoo app-backup/burp package before 2.1.32 sets the ownership of the PID file directory to the burp acco...