HIGH🇵🇱 Wersja polska

CVE-2017-18225

CVSS 7.8v3.0pub. 2018-03-12upd. 2024-11-21

The Gentoo net-im/jabberd2 package through 2.6.1 installs jabberd, jabberd2-c2s, jabberd2-router, jabberd2-s2s, and jabberd2-sm in /usr/bin owned by the jabber account, which might allow local users to gain privileges by leveraging access to this account and then waiting for root to execute one of these programs.

CVSS Vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Gentoo Linux

    OS
    Gentoo
    wszystkie wersje
  • Jabberd2

    APP
    Jabberd2
    ≤ 2.6.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-12084CRITICAL9.8PL ✓ten sam produkt

Heap-based buffer overflow w rsync daemon — zapis poza granicami bufora sum2

CVE-2017-10807CRITICAL9.8ten sam produkt

JabberD 2.x (aka jabberd2) before 2.6.1 allows anyone to authenticate using SASL ANONYMOUS, even when the sasl...

CVE-2024-12085HIGH7.5ten sam produkt

A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an att...

CVE-2022-23220HIGH7.8ten sam produkt

USBView 2.1 before 2.2 allows some local users (e.g., ones logged in via SSH) to execute arbitrary code as roo...

CVE-2017-18284HIGH7.1ten sam produkt

The Gentoo app-backup/burp package before 2.1.32 sets the ownership of the PID file directory to the burp acco...