CVE-2017-18240: Input Validation
First published: Mon Mar 19 2018(Updated: )
The Gentoo app-admin/collectd package before 5.7.2-r1 sets the ownership of PID file directory to the collectd account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script sends a SIGKILL (when the service is stopped).
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Collectd Collectd | <=5.7.2 | |
| Collectd Collectd | =5.7.2-r1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/author
- agent/weakness
- agent/severity
- agent/references
- agent/tags
- agent/type
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/collectd
- canonical/collectd collectd
- version/collectd collectd/5.7.2
- version/collectd collectd/5.7.2-r1