7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
37.6%
In the ebuild package through smokeping-2.7.3-r1 for SmokePing on Gentoo,
the initscript allows the smokeping user to gain ownership of any file,
allowing for the smokeping user to gain root privileges. There is a race
condition involving /var/lib/smokeping and chown.
Author | Note |
---|---|
rodrigo-zaiden | issue raised from gentoo packaging, debian could not be affected, more checking is nedded. |