Local Privilege Escalation in Gentoo Python Package for Celery Flower
CVE-2017-14483

5.5MEDIUM

Key Information:

Vendor: Gentoo
Status: Dev-python-flower
Vendor: CVE Published:; 15 September 2017

What is CVE-2017-14483?

The Gentoo dev-python/flower package prior to version 0.9.1-r1 contains a vulnerability where the PID file ownership is set to a non-root account. This design flaw can enable local users with access to the non-root account to modify the PID file. Subsequently, they could exploit this vulnerability to terminate arbitrary processes by executing a command that accesses the PID file. This poses a security risk, allowing potential unauthorized actions within the system.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://bugs.gentoo.org/631020

x_refsource_CONFIRM

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 15, 2017
Vulnerability Reserved
Sep 15, 2017

JSON

Gentoo

What is CVE-2017-14483?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.