2 matches found
CVE-2017-18226
The Gentoo net-im/jabberd2 package through 2.6.1 sets the ownership of /var/run/jabber to the jabber account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script executes a "kill -TERM cat...
CVE-2017-18226
CVE-2017-18226 affects Gentoo net-im/jabberd2 up to version 2.6.1, where the process creates/uses /var/run/jabber owned by the jabber user. This ownership could allow local attackers to modify a PID file and kill a root-owned process by exploiting a window between PID-file modification and the ro...