CVE-2017-14730
HIGH
Gentoo logstash-bin <5.5.3-5.6.1 - Privilege Escalation
Title source: llm
Description
The init script in the Gentoo app-admin/logstash-bin package before 5.5.3 and 5.6.x before 5.6.1 has "chown -R" calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to a $LS_USER account for creation of a hard link.
References (4)
Core References
Third Party Advisory x_refsource_confirm
https://bugs.gentoo.org/628558
Third Party Advisory x_refsource_confirm
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bbd6cb398c1740c68e9b1b78340c887c58c1fbda
Third Party Advisory x_refsource_confirm
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=18f97c851c209f291b31ae7a902719f1c17c79fa
Third Party Advisory x_refsource_confirm
https://github.com/gentoo/gentoo/pull/5665
Scores
CVSS v3: 7.8
EPSS: 0.0004
EPSS Percentile: 13.4%
Attack Vector: LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-732
Status: published
Products (17)
elasticsearch/logstash 5.0.0
elasticsearch/logstash 5.0.1
elasticsearch/logstash 5.0.2
elasticsearch/logstash 5.1.1
elasticsearch/logstash 5.1.2
elasticsearch/logstash 5.2.0
elasticsearch/logstash 5.2.1
elasticsearch/logstash 5.3.0
elasticsearch/logstash 5.3.1
elasticsearch/logstash 5.3.2
... and 7 more
Published: Sep 25, 2017
Tracked Since: Feb 18, 2026