CVE-2017-18284 Information

Description

The Gentoo app-backup/burp package before 2.1.32 sets the ownership of the PID file directory to the burp account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script sends a SIGKILL.

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Reference

https://bugs.gentoo.org/628770
https://security.gentoo.org/glsa/201806-03

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

7.1

Base Severity

HIGH
