CVE-2017-18226

The Gentoo net-im/jabberd2 package through 2.6.1 sets the ownership of /var/run/jabber to the jabber account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script executes a "kill -TERM `cat /var/run/jabber/filename.pid`" command.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 8%
VendorProductVersion
jabberd2jabberd2
𝑥
≤ 2.6.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
jabberd2
bullseye
ignored
bookworm
ignored
buster
ignored
stretch
ignored
sid
vulnerable
trixie
vulnerable
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
jabberd2
focal
not-affected
bionic
not-affected
xenial
not-affected
trusty
dne
Common Weakness Enumeration
References
https://bugs.gentoo.org/631068
https://bugs.gentoo.org/631068