Race Condition Vulnerability in Util-Linux Affecting Red Hat
CVE-2017-2616

5.5MEDIUM

Key Information:

Vendor
Linux
Status
Util-linux
Vendor
CVE Published:
27 July 2018

Summary

A race condition exists in prior versions of util-linux, where the 'su' command improperly manages child processes. This vulnerability allows a local authenticated attacker to exploit the flaw under specific conditions, potentially enabling them to terminate processes running with root privileges. This scenario poses a significant risk in environments where system integrity and process management are crucial.

Affected Version(s)

util-linux 2.32.1

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2616
x_refsource_CONFIRM
http://www.securityfocus.com/bid/96404
vdb-entryx_refsource_BID
https://access.redhat.com/errata/RHSA-2017:0907
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.