Back to search
CVE-2017-18240
Published: Mar 19, 2018
Modified: Aug 5, 2024
PUBLISHED
Description
The Gentoo app-admin/collectd package before 5.7.2-r1 sets the ownership of PID file directory to the collectd account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script sends a SIGKILL (when the service is stopped).
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
GLSA-201803-10
vendor-advisory
x_refsource_GENTOO
103469
vdb-entry
x_refsource_BID
https://bugs.gentoo.org/628540
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now