CVE-2017-18240
N/A
N/A
Summary
The Gentoo app-admin/collectd package before 5.7.2-r1 sets the ownership of PID file directory to the collectd account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script sends a SIGKILL (when the service is stopped).
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://security.gentoo.org/glsa/201803-10
- http://www.securityfocus.com/bid/103469
- https://bugs.gentoo.org/628540
References
- https://security.gentoo.org/glsa/201803-10
- http://www.securityfocus.com/bid/103469
- https://bugs.gentoo.org/628540
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.