4.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
4.7 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:N/I:N/A:C
0.0004 Low
EPSS
Percentile
5.3%
Issue Overview:
Sending SIGKILL to other processes with root privileges via su:
A race condition was found in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions.(CVE-2017-2616)
Affected Packages:
util-linux
Issue Correction:
Run yum update util-linux to update your system.
New Packages:
i686:
util-linux-2.23.2-33.28.amzn1.i686
libblkid-devel-2.23.2-33.28.amzn1.i686
libuuid-2.23.2-33.28.amzn1.i686
uuidd-2.23.2-33.28.amzn1.i686
libmount-devel-2.23.2-33.28.amzn1.i686
util-linux-debuginfo-2.23.2-33.28.amzn1.i686
libuuid-devel-2.23.2-33.28.amzn1.i686
libblkid-2.23.2-33.28.amzn1.i686
libmount-2.23.2-33.28.amzn1.i686
src:
util-linux-2.23.2-33.28.amzn1.src
x86_64:
libuuid-devel-2.23.2-33.28.amzn1.x86_64
libblkid-2.23.2-33.28.amzn1.x86_64
util-linux-2.23.2-33.28.amzn1.x86_64
libmount-2.23.2-33.28.amzn1.x86_64
libblkid-devel-2.23.2-33.28.amzn1.x86_64
libuuid-2.23.2-33.28.amzn1.x86_64
util-linux-debuginfo-2.23.2-33.28.amzn1.x86_64
uuidd-2.23.2-33.28.amzn1.x86_64
libmount-devel-2.23.2-33.28.amzn1.x86_64
Red Hat: CVE-2017-2616
Mitre: CVE-2017-2616
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Amazon Linux | 1 | i686 | util-linux | < 2.23.2-33.28.amzn1 | util-linux-2.23.2-33.28.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | libblkid-devel | < 2.23.2-33.28.amzn1 | libblkid-devel-2.23.2-33.28.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | libuuid | < 2.23.2-33.28.amzn1 | libuuid-2.23.2-33.28.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | uuidd | < 2.23.2-33.28.amzn1 | uuidd-2.23.2-33.28.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | libmount-devel | < 2.23.2-33.28.amzn1 | libmount-devel-2.23.2-33.28.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | util-linux-debuginfo | < 2.23.2-33.28.amzn1 | util-linux-debuginfo-2.23.2-33.28.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | libuuid-devel | < 2.23.2-33.28.amzn1 | libuuid-devel-2.23.2-33.28.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | libblkid | < 2.23.2-33.28.amzn1 | libblkid-2.23.2-33.28.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | libmount | < 2.23.2-33.28.amzn1 | libmount-2.23.2-33.28.amzn1.i686.rpm |
Amazon Linux | 1 | x86_64 | libuuid-devel | < 2.23.2-33.28.amzn1 | libuuid-devel-2.23.2-33.28.amzn1.x86_64.rpm |
4.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
4.7 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:N/I:N/A:C
0.0004 Low
EPSS
Percentile
5.3%