Race Condition in util-linux

Do your applications use this vulnerable package? Test your applications

Overview

A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions.

References

CVE Details
Debian Security Advisory
Debian Security Tracker
Gentoo Security Advisory
GitHub Commit
RHSA Security Advisory
RedHat Bugzilla Bug
RedHat Security Advisory
Security Focus
Security Tracker
Ubuntu CVE Tracker

Attack Vector

Local
Attack Complexity

High
Privileges Required

Low
User Interaction

None
Scope

Unchanged
Confidentiality

None
Integrity

None
Availability

High

CVE: CVE-2017-2616
CWE: CWE-267 CWE-362
Snyk ID: SNYK-DEBIAN8-UTILLINUX-285840
Disclosed: 27 Jul, 2018
Published: 27 Jun, 2018

Race Condition
Affecting util-linux package, versions *

Overview

References

CVSS Score

Race Condition Affecting util-linux package, versions *

Overview

References

Race Condition
Affecting util-linux package, versions *