CVE-2017-14159

ADVISORY - debian

Summary

slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill cat /pathname" command, as demonstrated by openldap-initscript.

openldap (unimportant) http://www.openldap.org/its/index.cgi?findid=8703 Negligible security impact, but filed #877512

EPSS Score⁠: 0.00111 (0.309)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-665⁠

Improper Initialization

ADVISORY - redhat

CWE-377⁠

Insecure Temporary File

Impacted images

Advisories

Debian

CREATED

8 years ago

UPDATED

2 months ago

ADVISORY IDCVE-2017-14159⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Package	Type	OS Name	OS Version	Affected Ranges	Fix Versions
debian/openldap	deb	debian	12	>=2.5.13+dfsg-5	Not yet available
debian/openldap	deb	debian	11	>=2.4.57+dfsg-3+deb11u1	Not yet available
debian/openldap	deb	debian	13	>=2.6.9+dfsg-2	Not yet available
debian/openldap	deb	debian	unstable	>=2.6.9+dfsg-2	Not yet available

Severity and metrics

No CVSS data available from this advisory.

NIST

CREATED

8 years ago

UPDATED

28 days ago

ADVISORY IDCVE-2017-14159⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-665⁠

CVSS SCORE

4.7medium

Alpine

CREATED

8 years ago

UPDATED

2 months ago

ADVISORY IDCVE-2017-14159⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

8 years ago

UPDATED

2 months ago

ADVISORY IDCVE-2017-14159⁠

EXPLOITABILITY SCORE

1.0

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

4.7low

Red Hat

CREATED

8 years ago

UPDATED

2 months ago

ADVISORY IDCVE-2017-14159⁠

EXPLOITABILITY SCORE

0.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-377⁠

CVSS SCORE

4.4low