Description
The Gentoo app-backup/burp package before 2.1.32 sets the ownership of the PID file directory to the burp account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script sends a SIGKILL.
References (2)
Core 2
Core References
Vendor Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201806-03
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugs.gentoo.org/628770
Scores
CVSS v3
7.1
EPSS
0.0003
EPSS Percentile
9.2%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Details
CWE
CWE-732
Status
published
Products (1)
burp_project/burp
< 2.1.32
Published
Jun 04, 2018
Tracked Since
Feb 18, 2026