CVE-2017-18240

MEDIUM

collectd < 5.7.2 - Unauthenticated Arbitrary Process Termination via PID File Manipulation

Title source: llm
STIX 2.1

Description

The Gentoo app-admin/collectd package before 5.7.2-r1 sets the ownership of PID file directory to the collectd account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script sends a SIGKILL (when the service is stopped).

References (3)

Core 3
Core References
Vendor Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201803-10
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/103469
Issue Tracking, Vendor Advisory x_refsource_confirm
https://bugs.gentoo.org/628540

Scores

CVSS v3 5.5
EPSS 0.0037
EPSS Percentile 29.4%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-20
Status published
Products (2)
collectd/collectd 5.7.2 r1
collectd/collectd < 5.7.2
Published Mar 19, 2018
Tracked Since Feb 18, 2026