bareos-dir, bareos-fd, and bareos-sd in bareos-core in Bareos 16.2.6 and earlier create a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command.
References
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-09-20T18:00:00Z

Updated: 2024-09-16T17:32:56.136Z

Reserved: 2017-09-20T00:00:00Z

Link: CVE-2017-14610

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2017-09-20T18:29:01.610

Modified: 2024-11-21T03:13:11.900

Link: CVE-2017-14610

cve-icon Redhat

No data.