Description
The Gentoo net-im/jabberd2 package through 2.6.1 installs jabberd, jabberd2-c2s, jabberd2-router, jabberd2-s2s, and jabberd2-sm in /usr/bin owned by the jabber account, which might allow local users to gain privileges by leveraging access to this account and then waiting for root to execute one of these programs.
References (1)
Core References
Issue Tracking, Third Party Advisory (x_refsource_confirm): https://bugs.gentoo.org/629412
Scores
CVSS v3: 7.8
EPSS: 0.0010
EPSS Percentile: 28.1%
Attack Vector: LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-732
Status: published
Products (1)
jabberd2/jabberd2 < 2.6.1
Published: Mar 12, 2018
Tracked Since: Feb 18, 2026