CVE-2017-13649

Опубликовано: 23 авг. 2017

Источник: nvd

CVSS3: 5.5

CVSS2: 2.1

EPSS Низкий

Описание

UnrealIRCd 4.0.13 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill cat /pathname" command. NOTE: the vendor indicates that there is no common or recommended scenario in which a root script would execute this kill command.

Ссылки

http://www.securityfocus.com/bid/100507
Third Party Advisory
VDB Entry
https://bugs.unrealircd.org/view.php?id=4990
Issue Tracking
Third Party Advisory
http://www.securityfocus.com/bid/100507
Third Party Advisory
VDB Entry
https://bugs.unrealircd.org/view.php?id=4990
Issue Tracking
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:unrealircd:unrealircd:*:*:*:*:*:*:*:*

Версия до 4.0.13 (включая)

EPSS

Процентиль: 15%

0.00047

Низкий

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-665

Связанные уязвимости

CVE-2017-13649

CVSS3: 5.5

debian

больше 8 лет назад

UnrealIRCd 4.0.13 and earlier creates a PID file after dropping privil ...

GHSA-p387-c589-x473

CVSS3: 5.5

github

больше 3 лет назад

UnrealIRCd 4.0.13 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command. NOTE: the vendor indicates that there is no common or recommended scenario in which a root script would execute this kill command.

EPSS

Процентиль: 15%

0.00047

Низкий

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-665