CVE-2017-18284
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2017-18284
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-18284.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2017-18284
- Published
- 2018-06-04T06:29:00Z
- Modified
- 2024-09-03T01:47:36.802770Z
- Severity
-
- 7.1 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
The Gentoo app-backup/burp package before 2.1.32 sets the ownership of the PID file directory to the burp account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script sends a SIGKILL.
- References
Affected packages
Git / github.com/grke/burp
Affected ranges
- Type
- GIT
- Repo
- https://github.com/grke/burp
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
1.*
1.1.40
1.1.51
1.1.55
1.1.57
1.1.65
1.1.70
1.2.0
1.2.2
1.2.3
1.2.4
1.2.5
1.2.6
1.2.7
1.2.8
1.3.0
1.3.1
1.3.10
1.3.12
1.3.14
1.3.16
1.3.18
1.3.2
1.3.20
1.3.22
1.3.24
1.3.26
1.3.28
1.3.30
1.3.32
1.3.34
1.3.36
1.3.4
1.3.6
1.3.8
1.4.0
2.*
2.0.20
2.0.22
2.0.24
2.0.26
2.0.28
2.0.30
2.0.32
2.0.34
2.0.36
2.0.38
2.0.40
2.0.42
2.0.44
2.0.48
2.0.50
2.0.52
2.1.0
2.1.10
2.1.12
2.1.14
2.1.18
2.1.2
2.1.20
2.1.22
2.1.24
2.1.26
2.1.28
2.1.30
2.1.4
2.1.6
2.1.8