CVE-2017-18284

The Gentoo app-backup/burp package before 2.1.32 sets the ownership of the PID file directory to the burp account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script sends a SIGKILL.
References
Link Resource
https://bugs.gentoo.org/628770 Issue Tracking Third Party Advisory
https://security.gentoo.org/glsa/201806-03 Vendor Advisory
Configurations

Configuration 1

AND
cpe:2.3:a:burp_project:burp:*:*:*:*:*:*:*:*
cpe:2.3:o:gentoo:linux:-:*:*:*:*:*:*:*

History

21 Nov 2024, 03:19

Type Values Removed Values Added
References () https://bugs.gentoo.org/628770 - Issue Tracking, Third Party Advisory () https://bugs.gentoo.org/628770 - Issue Tracking, Third Party Advisory
References () https://security.gentoo.org/glsa/201806-03 - Vendor Advisory () https://security.gentoo.org/glsa/201806-03 - Vendor Advisory

Information

Published : 2018-06-04 06:29

Updated : 2024-11-21 03:19


NVD link : CVE-2017-18284

Mitre link : CVE-2017-18284

CVE.ORG link : CVE-2017-18284



Products Affected

gentoo

  • linux

burp_project

  • burp
CWE
CWE-732

Incorrect Permission Assignment for Critical Resource