Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2017-14159

Опубликовано: 28 июл. 2017
Источник: redhat
CVSS3: 4.4
EPSS Низкий

Описание

slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill cat /pathname" command, as demonstrated by openldap-initscript.

Отчет

As per upstream this bug can be used only when additional major flaws are found in the slapd binary like the ones caused by heap-based buffer overflows etc. Based on this argument, Red Hat Product Security does not consider this to be a security flaw.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5openldapNot affected
Red Hat Enterprise Linux 6compat-openldapNot affected
Red Hat Enterprise Linux 6openldapNot affected
Red Hat Enterprise Linux 7compat-openldapNot affected
Red Hat Enterprise Linux 7openldapNot affected
Red Hat JBoss Enterprise Application Platform 5openldapNot affected
Red Hat JBoss Enterprise Web Server 1openldapNot affected
Red Hat JBoss Enterprise Web Server 2openldapNot affected
Red Hat JBoss Enterprise Web Server 3openldapNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-377
https://bugzilla.redhat.com/show_bug.cgi?id=1488751openldap: Privilege escalation via PID file manipulation

EPSS

Процентиль: 31%
0.00113
Низкий

4.4 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2017-14159

CVSS3: 4.7
ubuntu
почти 8 лет назад

slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, as demonstrated by openldap-initscript.

nvd логотип

CVE-2017-14159

CVSS3: 4.7
nvd
почти 8 лет назад

slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, as demonstrated by openldap-initscript.

debian логотип

CVE-2017-14159

CVSS3: 4.7
debian
почти 8 лет назад

slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping ...

github логотип

GHSA-xxfr-gfjr-h844

CVSS3: 4.7
github
около 3 лет назад

slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, as demonstrated by openldap-initscript.

EPSS

Процентиль: 31%
0.00113
Низкий

4.4 Medium

CVSS3