Lucene search

MitreCVE-2017-11746

HistoryJul 30, 2017 - 4:29 p.m.

CVE-2017-11746

2017-07-3016:29:00

CWE-552

mitre

web.nvd.nist.gov

cve-2017-11746

tenshi 0.15

file creation

privilege escalation

local users

arbitrary processes

nvd

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.3

Confidence

High

EPSS

0.001

Percentile

46.6%

JSON

Tenshi 0.15 creates a tenshi.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tenshi.pid modification before a root script executes a “kill cat /pathname/tenshi.pid” command.

Affected configurations

Nvd

Node

inversepathtenshiMatch0.15

VendorProductVersionCPE
inversepathtenshi0.15cpe:2.3:a:inversepath:tenshi:0.15:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
inversepath	tenshi	0.15	cpe:2.3:a:inversepath:tenshi:0.15:::::::*

References

github.com/inversepath/tenshi/issues/6

security.gentoo.org/glsa/201804-18

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.3

Confidence

High

EPSS

0.001

Percentile

46.6%

JSON

Related for CVE-2017-11746