CVE-2017-14159

SOURCE - nist

Summary

slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill cat /pathname" command, as demonstrated by openldap-initscript.

EPSS Score⁠: 0.00043 (0.094)

Common Weakness Enumeration (CWE)

SOURCE - nist

CWE-665⁠

Improper Initialization

SOURCE - redhat

CWE-377⁠

Insecure Temporary File

Sources (5)

Impacted images

debian

CREATED

7 years ago

UPDATED

17 days ago

SOURCE IDCVE-2017-14159⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Package	Type	OS Name	OS Version	Affected Ranges	Fix Versions
debian/openldap	deb	debian	12	>=2.5.13+dfsg-5	Not yet available
debian/openldap	deb	debian	11	>=2.4.57+dfsg-3+deb11u1	Not yet available
debian/openldap	deb	debian	10	>=2.4.47+dfsg-3+deb10u7	Not yet available
debian/openldap	deb	debian	13	>=2.5.17+dfsg-1	Not yet available
debian/openldap	deb	debian	unstable	>=2.5.17+dfsg-1	Not yet available

Severity and metrics

No CVSS data available from this source.

nist

CREATED

7 years ago

UPDATED

2 years ago

SOURCE IDCVE-2017-14159⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-665⁠

CVSS SCORE

4.7medium

alpine

CREATED

7 years ago

UPDATED

2 months ago

SOURCE IDCVE-2017-14159⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM SOURCE

ubuntu

CREATED

7 years ago

UPDATED

1 month ago

SOURCE IDCVE-2017-14159⁠

EXPLOITABILITY SCORE

1.0

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

4.7low

redhat

CREATED

7 years ago

UPDATED

10 months ago

SOURCE IDCVE-2017-14159⁠

EXPLOITABILITY SCORE

0.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-377⁠

CVSS SCORE

4.4low