CVE-2017-18284
HIGHburp < 2.1.32 - Incorrect Permission Assignment for Critical Resource
Title source: llmDescription
The Gentoo app-backup/burp package before 2.1.32 sets the ownership of the PID file directory to the burp account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script sends a SIGKILL.
References (2)
Core 2
Core References
Vendor Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201806-03
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugs.gentoo.org/628770
Scores
CVSS v3
7.1
EPSS
0.0027
EPSS Percentile
18.8%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Details
CWE
CWE-732
Status
published
Products (1)
burp_project/burp
< 2.1.32
Published
Jun 04, 2018
Tracked Since
Feb 18, 2026