CVE-2017-18225
Gentoo Linux Security Advisory 201803-07
Public Exploits: 0
Exploited in Wild: -
Descriptions
The Gentoo net-im/jabberd2 package through 2.6.1 installs jabberd, jabberd2-c2s, jabberd2-router, jabberd2-s2s, and jabberd2-sm in /usr/bin owned by the jabber account, which might allow local users to gain privileges by leveraging access to this account and then waiting for root to execute one of these programs.
Multiple vulnerabilities have been found in Gentoo's JabberD 2.x ebuild, the worst of which allows local attackers to escalate privileges. Versions less than or equal to 2.6.1 are affected.
SSVC
- Decision: -
Timeline
- 2018-03-11 CVE Reserved
- 2018-03-12 CVE Published
- 2024-08-05 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-732: Incorrect Permission Assignment for Critical Resource
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Jabberd2 | Jabberd2 | <= 2.6.1 | - | Affected |
in Gentoo | Linux | - | - | Safe |