CVE-2017-14159

ADVISORY - nist

Summary

slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill cat /pathname" command, as demonstrated by openldap-initscript.

EPSS Score⁠: 0.00043 (0.106)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-665⁠

Improper Initialization

ADVISORY - redhat

CWE-377⁠

Insecure Temporary File

Impacted images

Advisories

NIST

CREATED

7 years ago

UPDATED

2 years ago

ADVISORY IDCVE-2017-14159⁠

EXPLOITABILITY SCORE

1

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

4.7medium

Alpine

CREATED

7 years ago

UPDATED

5 months ago

ADVISORY IDCVE-2017-14159⁠

EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Debian

CREATED

7 years ago

UPDATED

2 months ago

ADVISORY IDCVE-2017-14159⁠

EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Ubuntu

CREATED

7 years ago

UPDATED

7 months ago

ADVISORY IDCVE-2017-14159⁠

EXPLOITABILITY SCORE

1.0

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

4.7low

Red Hat

CREATED

7 years ago

UPDATED

1 year ago

ADVISORY IDCVE-2017-14159⁠

EXPLOITABILITY SCORE

0.8

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

4.4low