CVE-2017-18226
Gentoo Linux Security Advisory 201803-07
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The Gentoo net-im/jabberd2 package through 2.6.1 sets the ownership of /var/run/jabber to the jabber account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script executes a "kill -TERM `cat /var/run/jabber/filename.pid`" command.
El paquete net-im/jabberd2 de Gentoo, hasta la versión 2.6.1, establece la propiedad de /var/run/jabber en la cuenta jabber, lo que podría permitir que usuarios locales finalicen procesos arbitrarios aprovechando el acceso a esta cuenta para modificar archivos PID antes de que un script root ejecute un comando "kill -TERM `cat /var/run/jabber/filename.pid`"
Multiple vulnerabilities have been found in Gentoo's JabberD 2.x ebuild, the worst of which allows local attackers to escalate privileges. Versions less than or equal to 2.6.1 are affected.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-03-11 CVE Reserved
- 2018-03-12 CVE Published
- 2024-08-05 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-732: Incorrect Permission Assignment for Critical Resource
CAPEC
References (1)
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Jabberd2 Search vendor "Jabberd2" | Jabberd2 Search vendor "Jabberd2" for product "Jabberd2" | <= 2.6.1 Search vendor "Jabberd2" for product "Jabberd2" and version " <= 2.6.1" | - |
Affected
| in | Gentoo Search vendor "Gentoo" | Linux Search vendor "Gentoo" for product "Linux" | - | - |
Safe
|