CVE-2017-14681

Опубликовано: 21 сент. 2017

Источник: nvd

CVSS3: 5.5

CVSS2: 2.1

EPSS Низкий

Описание

The daemon in P3Scan 3.0_rc1 and earlier creates a p3scan.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for p3scan.pid modification before a root script executes a "kill cat /pathname/p3scan.pid" command, as demonstrated by etc/init.d/p3scan.

Ссылки

https://sourceforge.net/p/p3scan/bugs/33/
Mitigation
Third Party Advisory
https://sourceforge.net/p/p3scan/bugs/33/
Mitigation
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:p3scan_project:p3scan:*:rc1:*:*:*:*:*:*

Версия до 3.0 (включая)

EPSS

Процентиль: 15%

0.00048

Низкий

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-665

Связанные уязвимости

CVE-2017-14681

CVSS3: 5.5

ubuntu

больше 8 лет назад

The daemon in P3Scan 3.0_rc1 and earlier creates a p3scan.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for p3scan.pid modification before a root script executes a "kill `cat /pathname/p3scan.pid`" command, as demonstrated by etc/init.d/p3scan.

CVE-2017-14681

CVSS3: 5.5

debian

больше 8 лет назад

The daemon in P3Scan 3.0_rc1 and earlier creates a p3scan.pid file aft ...

GHSA-3m4p-9wjj-3m72

CVSS3: 5.5

github

больше 3 лет назад

The daemon in P3Scan 3.0_rc1 and earlier creates a p3scan.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for p3scan.pid modification before a root script executes a "kill `cat /pathname/p3scan.pid`" command, as demonstrated by etc/init.d/p3scan.

EPSS

Процентиль: 15%

0.00048

Низкий

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-665