Описание
The Gentoo app-admin/collectd package before 5.7.2-r1 sets the ownership of PID file directory to the collectd account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script sends a SIGKILL (when the service is stopped).
Ссылки
- Third Party AdvisoryVDB Entry
- Issue TrackingVendor Advisory
- Vendor Advisory
- Third Party AdvisoryVDB Entry
- Issue TrackingVendor Advisory
- Vendor Advisory
Уязвимые конфигурации
EPSS
5.5 Medium
CVSS3
4.9 Medium
CVSS2
Дефекты
Связанные уязвимости
The Gentoo app-admin/collectd package before 5.7.2-r1 sets the ownership of PID file directory to the collectd account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script sends a SIGKILL (when the service is stopped).
The Gentoo app-admin/collectd package before 5.7.2-r1 sets the ownersh ...
The Gentoo app-admin/collectd package before 5.7.2-r1 sets the ownership of PID file directory to the collectd account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script sends a SIGKILL (when the service is stopped).
EPSS
5.5 Medium
CVSS3
4.9 Medium
CVSS2