CVE-2017-14159

Published: 5 September 2017

slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, as demonstrated by openldap-initscript.
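
The stop-script pattern from the description, next to a validated alternative, as an added example that is not code from OpenLDAP, Ubuntu or openldap-initscript. It assumes Linux /proc; the function names and their arguments are hypothetical.

```shell
#!/bin/sh
# Added example. Assumes Linux /proc; all names and arguments are illustrative.
#
# Pattern named in the CVE description (shown for contrast, never executed):
#   kill `cat /pathname`
# A root script that does this signals whatever PID the unprivileged
# service account last wrote into the file.

# read_trusted_pid PIDFILE EXPECTED_EXE EXPECTED_UID
# Prints the PID and returns 0 only if the file holds a plain PID and that
# process runs EXPECTED_EXE with real UID EXPECTED_UID.
read_trusted_pid() {
    pidfile=$1 expected_exe=$2 expected_uid=$3

    # The file is writable by the service account: refuse symlinks and
    # anything that is not a regular file.
    [ -f "$pidfile" ] && [ ! -L "$pidfile" ] || return 1

    # Take the first line only and accept nothing but decimal digits.
    IFS= read -r pid < "$pidfile" || [ -n "$pid" ] || return 1
    case $pid in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$pid" -gt 1 ] 2>/dev/null || return 1   # never PID 0 or 1

    # The process must be the expected binary ...
    exe=$(readlink "/proc/$pid/exe" 2>/dev/null) || return 1
    [ "$exe" = "$expected_exe" ] || return 1

    # ... and must run as the service account (first Uid field = real UID).
    uid=$(sed -n 's/^Uid:[[:space:]]*\([0-9]*\).*/\1/p' \
          "/proc/$pid/status" 2>/dev/null)
    [ "$uid" = "$expected_uid" ] || return 1

    printf '%s\n' "$pid"
}

# stop_daemon PIDFILE EXPECTED_EXE EXPECTED_UID: validated stop action.
stop_daemon() {
    pid=$(read_trusted_pid "$@") || {
        echo "refusing to signal: PID file failed validation" >&2
        return 1
    }
    kill -TERM "$pid"
}
```

A short window remains between validation and `kill` in which the PID could be reused, so this narrows the exposure rather than closing it.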

Priority

Low

CVSS 3 base score: 4.7

Status

Package: openldap (Launchpad, Ubuntu, Debian)

Release    Status
artful     Ignored (reached end-of-life)
bionic     Not vulnerable
cosmic     Ignored (reached end-of-life)
disco      Ignored (reached end-of-life)
eoan       Ignored (reached end-of-life)
focal      Not vulnerable
groovy     Not vulnerable
precise    Not vulnerable
trusty     Not vulnerable
upstream   Needs triage
xenial     Not vulnerable
zesty      Ignored (reached end-of-life)

Notes

Author: mdeslaur
Note: per upstream bug, upstream doesn't consider this to be a security issue. Marking as not-affected.