Lucene search
Alpine Linux Development TeamALPINE:CVE-2017-20147HistorySep 20, 2022 - 6:15 p.m.
CVE-2017-20147
2022-09-2018:15:09
Alpine Linux Development Team
security.alpinelinux.org
16
ebuild package
smokeping
gentoo
initscript
pid file
denial of service
unix
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS
0.001
Percentile
31.9%
In the ebuild package through smokeping-2.7.3-r1 for SmokePing on Gentoo, the initscript uses a PID file that is writable by the smokeping user. By writing arbitrary PIDs to that file, the smokeping user can cause a denial of service to arbitrary PIDs when the service is stopped.
Related
prion
prion
Code injection
2022-09-20 18:15:00
nessus
nessus
GLSA-202209-08 : Smokeping: Multiple vulnerabilities
2022-09-25 00:00:00
cve
cve
CVE-2017-20147
2022-09-20 18:15:09
cvelist
cvelist
CVE-2017-20147
2022-09-20 17:00:51
ubuntucve
ubuntucve
CVE-2017-20147
2022-09-20 00:00:00
nvd
nvd
CVE-2017-20147
2022-09-20 18:15:09
gentoo
gentoo
Smokeping: Multiple vulnerabilities
2022-09-25 00:00:00
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS
0.001
Percentile
31.9%
Related for ALPINE:CVE-2017-20147