Lucene search

[email protected]CVE-2016-20015

HistorySep 20, 2022 - 6:15 p.m.

CVE-2016-20015

2022-09-2018:15:09

[email protected]

web.nvd.nist.gov

cve

2016

20015

ebuild package

smokeping

gentoo

root privileges

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

37.6%

JSON

In the ebuild package through smokeping-2.7.3-r1 for SmokePing on Gentoo, the initscript allows the smokeping user to gain ownership of any file, allowing for the smokeping user to gain root privileges. There is a race condition involving /var/lib/smokeping and chown.

Affected configurations

NVD

Node

smokepingsmokepingRange≤2.7.3-r1

CPENameOperatorVersion
smokeping:smokepingsmokepingle2.7.3-r1

CPE	Name	Operator	Version
smokeping:smokeping	smokeping	le	2.7.3-r1

References

bugs.gentoo.org/602652

Social References

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

37.6%

JSON

Related for CVE-2016-20015

alpinelinux1 cvelist1 nvd1 ubuntucve1 prion1