Privilege Defined With Unsafe Actions

CVE-2017-2616

Medium

5.5/10

Summary

A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-267 - Privilege Defined With Unsafe Actions

A particular privilege, role, capability, or right can be used to perform unsafe actions that were not intended, even when it is assigned to the correct entity.

References

Advisory Timeline

Published Jul 27, 2018

Privilege Defined With Unsafe Actions

CVE-2017-2616

Summary

CWE-267 - Privilege Defined With Unsafe Actions

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS