Lucene search

Ubuntu.comUB:CVE-2017-14483

HistorySep 15, 2017 - 12:00 a.m.

CVE-2017-14483

2017-09-1500:00:00

ubuntu.com

CVSS2

4.9

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

Percentile

5.1%

JSON

flower.initd in the Gentoo dev-python/flower package before 0.9.1-r1 for
Celery Flower sets PID file ownership to a non-root account, which might
allow local users to kill arbitrary processes by leveraging access to this
non-root account for PID file modification before a root script executes a
“kill cat /pathname” command.

Notes

Author	Note
debian	Gentoo-specific issue, Debian doesn’t provide an init script at all

References

bugs.gentoo.org/631020

launchpad.net/bugs/cve/CVE-2017-14483

nvd.nist.gov/vuln/detail/CVE-2017-14483

security-tracker.debian.org/tracker/CVE-2017-14483

www.cve.org/CVERecord?id=CVE-2017-14483

CVSS2

4.9

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

Percentile

5.1%

JSON

Related for UB:CVE-2017-14483