5.5

CVE-2017-2616

A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.28% 0.197
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.7 1 3.6
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 4.7 3.4 6.9
AV:L/AC:M/Au:N/C:N/I:N/A:C
secalert@redhat.com 5.5 1.8 3.6
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-267 Privilege Defined With Unsafe Actions

A particular privilege, role, capability, or right can be used to perform unsafe actions that were not intended, even when it is assigned to the correct entity.

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

https://security.gentoo.org/glsa/201706-02
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0654.html
Third Party Advisory
http://www.securityfocus.com/bid/96404
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1038271
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2017:0907
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2616
Patch
Third Party Advisory
Issue Tracking
https://github.com/karelzak/util-linux/commit/dffab154d29a288aa171ff50263ecc8f2e14a891
Patch
Third Party Advisory
https://www.debian.org/security/2017/dsa-3793
Third Party Advisory