Lucene search

[email protected]CVE-2017-18226

HistoryMar 12, 2018 - 4:29 a.m.

CVE-2017-18226

2018-03-1204:29:00

CWE-732

[email protected]

web.nvd.nist.gov

gentoo

jabberd2

cve-2017-18226

local users

process killing

pid file modification

security vulnerability

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

5.7 Medium

AI Score

Confidence

High

2.1 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

0.0004 Low

EPSS

Percentile

5.2%

JSON

The Gentoo net-im/jabberd2 package through 2.6.1 sets the ownership of /var/run/jabber to the jabber account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script executes a “kill -TERM cat /var/run/jabber/filename.pid” command.

Affected configurations

NVD

Node

jabberd2jabberd2Range≤2.6.1

AND

gentoolinuxMatch-

CPENameOperatorVersion
jabberd2:jabberd2jabberd2le2.6.1

CPE	Name	Operator	Version
jabberd2:jabberd2	jabberd2	le	2.6.1

References

bugs.gentoo.org/631068

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

5.7 Medium

AI Score

Confidence

High

2.1 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2017-18226

cvelist1 osv1 redhatcve1 debiancve1 nvd1 prion1 ubuntucve1 gentoo1 nessus1