330 matches found
Denial Of Service (DoS)
chrony is vulnerable to denial of service DoS. The vulnerability exists as a flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup while still running as the root user, and when it's opened for writin...
ALPINE-CVE-2020-14367
A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup while still running as the root user, and when it's opened for writing, chronyd does not check for an existing symbolic link with the same file...
CVE-2020-14367
A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup while still running as the root user, and when it's opened for writing, chronyd does not check for an existing symbolic link with the same file...
CVE-2020-14367
A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup while still running as the root user, and when it's opened for writing, chronyd does not check for an existing symbolic link with the same file...
CVE-2020-14367
A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup while still running as the root user, and when it's opened for writing, chronyd does not check for an existing symbolic link with the same file...
UBUNTU-CVE-2020-14367
A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup while still running as the root user, and when it's opened for writing, chronyd does not check for an existing symbolic link with the same file...
CVE-2020-14367
A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup while still running as the root user, and when it's opened for writing, chronyd does not check for an existing symbolic link with the same file...
CVE-2020-14367
Chrony before 3.5.1 is vulnerable to a local symlink attack on its PID file in /var/run/chrony. During startup, the PID file is created as root and, per sources, chronyd does not check for an existing symlink with the same file name. A privileged attacker could create a symlink named chrony’s def...
CVE-2020-14367
A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup while still running as the root user, and when it's opened for writing, chronyd does not check for an existing symbolic link with the same file...
Updated chrony package fixes security vulnerability
Chrony's method of opening its PID file could allow a compromised chrony user account to overwrite files in certain parts of the filesystem with chrony's PID, using a symlink attack CVE-2020-14367...
CVE-2020-14367
A flaw was found in chrony when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup while still running as the root user, and when it's opened for writing, chronyd does not check for an existing symbolic link with the same file name. This flaw allows...
CVE-2020-14317
It was found that the issue for security flaw CVE-2019-3805, appeared again in another version of the JBoss Enterprise Application Platform - Continuous Delivery EAP-CD introducing regression. This flaw allows an attacker to modify the PID file in /var/run/jboss-eap/ allowing the init.d script to...
wildfly: Race condition on PID file allows for termination of arbitrary processes by local users
A flaw was discovered in wildfly that would allow local users, who are able to execute init.d script, to terminate arbitrary processes on the system. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/ allowing the init.d script to terminate any process as root...
USN-4269-1 systemd vulnerabilities
It was discovered that systemd incorrectly handled certain PIDFile files. A local attacker could possibly use this issue to trick systemd into killing privileged processes. This issue only affected Ubuntu 16.04 LTS. CVE-2018-16888 It was discovered that systemd incorrectly handled certain udevadm...
CVE-2012-6136
tuned 2.10.0 creates its PID file with insecure permissions which allows local users to kill arbitrary processes...
CVE-2012-6136
CVE-2012-6136 affects the Linux tuned daemon (e.g., tuned 2.10.0) where the PID file is created with insecure permissions, enabling local users to kill arbitrary processes. Technical details across multiple advisories (SUSE, Debian/Ubuntu, Red Hat) confirm the same root cause and impact. Remediat...
CVE-2012-6136
tuned 2.10.0 creates its PID file with insecure permissions which allows local users to kill arbitrary processes...
CVE-2012-6136
tuned 2.10.0 creates its PID file with insecure permissions which allows local users to kill arbitrary processes...
CVE-2019-3805
A flaw was discovered in wildfly that would allow local users, who are able to execute init.d script, to terminate arbitrary processes on the system. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/ allowing the init.d script to terminate any process as root...
CVE-2019-2389
Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allow users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init. This issue affects MongoDB Server v4.0 versions prior to 4.0.11;...