CVE-2017-14483
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
flower.initd in the Gentoo dev-python/flower package before 0.9.1-r1 for Celery Flower sets PID file ownership to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command.
flower.initd en el paquete de Gentoo dev-python/flower en versiones anteriores a la 0.9.1-r1 para Celery Flower establece la propiedad de los archivos PID a una cuenta que no es root, lo que podrĂa permitir que usuarios locales finalicen procesos arbitrarios aprovechando el acceso a esta cuenta que no es root para modificar archivos PID antes de que un script root ejecute un comando "kill `cat /pathname`".
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-09-15 CVE Reserved
- 2017-09-15 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CAPEC
References (1)
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Gentoo Search vendor "Gentoo" | Dev-python-flower Search vendor "Gentoo" for product "Dev-python-flower" | <= 0.9.1 Search vendor "Gentoo" for product "Dev-python-flower" and version " <= 0.9.1" | - |
Affected
|