CVE-2017-14159
ADVISORY - nistSummary
slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill cat /pathname
" command, as demonstrated by openldap-initscript.
EPSS Score: 0.00043 (0.106)
Common Weakness Enumeration (CWE)
ADVISORY - nist
Improper Initialization
ADVISORY - redhat
Insecure Temporary File
NIST
CREATED
UPDATED
ADVISORY IDCVE-2017-14159
EXPLOITABILITY SCORE
1
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
Alpine
CREATED
UPDATED
ADVISORY IDCVE-2017-14159
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Debian
CREATED
UPDATED
ADVISORY IDCVE-2017-14159
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Ubuntu
CREATED
UPDATED
ADVISORY IDCVE-2017-14159
EXPLOITABILITY SCORE
1.0
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Red Hat
CREATED
UPDATED
ADVISORY IDCVE-2017-14159
EXPLOITABILITY SCORE
0.8
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)