6 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
3.6 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:P/A:P
0.0004 Low
EPSS
Percentile
5.2%
Miroslav Lichvar reports:
chrony-3.5.1 […] fixes a security issue in writing of the pidfile.
When chronyd is configured to save the pidfile in a directory where the
chrony user has write permissions (e.g. /var/run/chrony - the default
since chrony-3.4), an attacker that compromised the chrony user account
could create a symbolic link at the location of the pidfile to make
chronyd starting with root privileges follow the symlink and write its
process ID to a file for which the chrony user doesn’t have write
permissions, causing a denial of service, or data loss.
This issue was reported by Matthias Gerstner of SUSE.
6 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
3.6 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:P/A:P
0.0004 Low
EPSS
Percentile
5.2%