CVE-2017-20147

In the ebuild package through smokeping-2.7.3-r1 for SmokePing on Gentoo, the initscript uses a PID file that is writable by the smokeping user. By writing arbitrary PIDs to that file, the smokeping user can cause a denial of service to arbitrary PIDs when the service is stopped.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://bugs.gentoo.org/631140	Exploit Issue Tracking Third Party Advisory
https://security.gentoo.org/glsa/202209-08	Third Party Advisory
https://bugs.gentoo.org/631140	Exploit Issue Tracking Third Party Advisory
https://security.gentoo.org/glsa/202209-08	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:smokeping:smokeping:*:*:*:*:*:*:*:*

History

29 May 2025, 14:15

Type	Values Removed	Values Added
CWE		CWE-377

21 Nov 2024, 03:22

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-09-20 18:15

Updated : 2025-05-29 14:15

NVD link : CVE-2017-20147

Mitre link : CVE-2017-20147

CVE.ORG link : CVE-2017-20147

JSON object : View

Products Affected

smokeping

smokeping

CWE

NVD-CWE-noinfo CWE-377

Insecure Temporary File

{"id": "CVE-2017-20147", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2022-09-20T18:15:09.953", "references": [{"url": "https://bugs.gentoo.org/631140", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://security.gentoo.org/glsa/202209-08", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://bugs.gentoo.org/631140", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.gentoo.org/glsa/202209-08", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-377"}]}], "descriptions": [{"lang": "en", "value": "In the ebuild package through smokeping-2.7.3-r1 for SmokePing on Gentoo, the initscript uses a PID file that is writable by the smokeping user. By writing arbitrary PIDs to that file, the smokeping user can cause a denial of service to arbitrary PIDs when the service is stopped."}, {"lang": "es", "value": "En el paquete ebuild versiones hasta smokeping-2.7.3-r1 para SmokePing en Gentoo, el initscript usa un archivo PID que es escribible por el usuario smokeping. Al escribir PIDs arbitrarios en ese archivo, el usuario smokeping puede causar una denegaci\u00f3n de servicio a PIDs arbitrarios cuando el servicio es detenido"}], "lastModified": "2025-05-29T14:15:26.860", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:smokeping:smokeping:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B6E41EEC-A9B0-4852-9452-EEA3F55A2D71", "versionEndIncluding": "2.7.3-r1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}