Your submission was sent successfully! Close

CVE-2017-11746

Published: 30 July 2017

Tenshi 0.15 creates a tenshi.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tenshi.pid modification before a root script executes a "kill `cat /pathname/tenshi.pid`" command.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
tenshi
Launchpad, Ubuntu, Debian
precise Does not exist

trusty Does not exist
(trusty was released [0.13-2+deb7u1~build0.14.04.1])
upstream
Released (0.13-2+deb7u1)
xenial
Released (0.13-2+deb7u1~build0.16.04.1)
zesty
Released (0.13-2+deb7u1~build0.17.04.1)