The Gentoo app-backup/burp package before 2.1.32 sets the ownership of the PID file directory to the burp account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script sends a SIGKILL.
References
Link | Resource |
---|---|
https://bugs.gentoo.org/628770 | Issue Tracking Third Party Advisory |
https://security.gentoo.org/glsa/201806-03 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2018-06-04T06:00:00
Updated: 2018-10-21T09:57:02
Reserved: 2018-06-03T00:00:00
Link: CVE-2017-18284
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-06-04T06:29:00.217
Modified: 2019-10-03T00:03:26.223
Link: CVE-2017-18284
JSON object: View
Redhat Information
No data.
CWE