CVE-2017-18240

The Gentoo app-admin/collectd package before 5.7.2-r1 sets the ownership of PID file directory to the collectd account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script sends a SIGKILL (when the service is stopped).
References
Link Resource
http://www.securityfocus.com/bid/103469 Third Party Advisory VDB Entry
https://bugs.gentoo.org/628540 Issue Tracking Vendor Advisory
https://security.gentoo.org/glsa/201803-10 Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:collectd:collectd:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:collectd:collectd:5.7.2:r1:*:*:*:*:*:*

History

No history.

Information

Published : 2018-03-19 02:29

Updated : 2024-02-04 19:46


NVD link : CVE-2017-18240

Mitre link : CVE-2017-18240

CVE.ORG link : CVE-2017-18240


JSON object : View

Products Affected

collectd

  • collectd
CWE
CWE-20

Improper Input Validation