Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2017-18240HistoryMar 19, 2018 - 2:29 a.m.
CVE-2017-18240
2018-03-1902:29:00
Debian Security Bug Tracker
security-tracker.debian.org
5
0.0004 Low
EPSS
Percentile
5.2%
The Gentoo app-admin/collectd package before 5.7.2-r1 sets the ownership of PID file directory to the collectd account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script sends a SIGKILL (when the service is stopped).
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | collectd | < 5.12.0-14 | collectd_5.12.0-14_all.deb |
| Debian | 11 | all | collectd | < 5.12.0-7 | collectd_5.12.0-7_all.deb |
| Debian | 10 | all | collectd | < 5.8.1-1.3 | collectd_5.8.1-1.3_all.deb |
| Debian | 999 | all | collectd | < 5.12.0-18 | collectd_5.12.0-18_all.deb |
Related
prion
prion
Arbitrary file deletion
2018-03-19 02:29:00
osv
osv
CVE-2017-18240
2018-03-19 02:29:00
ubuntucve
ubuntucve
CVE-2017-18240
2018-03-19 00:00:00
cve
cve
CVE-2017-18240
2018-03-19 02:29:00
nessus
nessus
GLSA-201803-10 : collectd: Multiple vulnerabilities
2018-03-22 00:00:00
gentoo
gentoo
collectd: Multiple vulnerabilities
2018-03-22 00:00:00