Gentoo FoundationGLSA-201804-18tenshi: Privilege escalation
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
46.6%
Background
A log monitoring program, designed to watch one or more log files for lines matching user defined regular expressions and report on the matches.
Description
It was discovered that the tenshi ebuild creates a tenshi.pid file after dropping privileges to a non-root account.
Impact
A local attacker could escalate privileges to root or kill arbitrary processes.
Workaround
There is no known workaround at this time.
Resolution
All tenshi users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-admin/tenshi-0.17"
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Gentoo | any | all | app-admin/tenshi | < 0.17 | UNKNOWN |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
46.6%