Package: p3scan
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

the following vulnerability was published for p3scan.

CVE-2017-14681[0]:
| The daemon in P3Scan 3.0_rc1 and earlier creates a p3scan.pid file
| after dropping privileges to a non-root account, which might allow
| local users to kill arbitrary processes by leveraging access to this
| non-root account for p3scan.pid modification before a root script
| executes a "kill `cat /pathname/p3scan.pid`" command, as demonstrated
| by etc/init.d/p3scan.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-14681
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14681

Please adjust the affected versions in the BTS as needed.

Regards,

Markus
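
An added example, not part of the original report and not p3scan's or Debian's own code: one way a root-run stop action can avoid the unchecked "kill `cat /pathname/p3scan.pid`" pattern quoted in the CVE text by validating the PID file first. The function names `trusted_pid` and `stop_daemon` and the use of Linux `/proc/<pid>/comm` are assumptions of this example.

```shell
#!/bin/sh
# Added example (hypothetical helper names): validate a PID file before a
# root-run stop action signals anything. Assumes Linux /proc is mounted.

# trusted_pid FILE NAME
# Prints the PID and returns 0 only if every check passes.
trusted_pid() {
    file=$1 name=$2

    # Must be a regular file, not a symlink planted by another account.
    [ -f "$file" ] && [ ! -L "$file" ] || return 1

    # Must be owned by the caller (root, when run from an init script) ...
    [ -O "$file" ] || return 1
    # ... and not writable by group or others.
    [ -z "$(find "$file" -prune \( -perm -020 -o -perm -002 \))" ] || return 1

    # Content must be a single decimal number; never 0 or 1.
    pid=$(cat "$file") || return 1
    case $pid in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$pid" -gt 1 ] || return 1

    # The PID must currently belong to the expected program.
    [ -r "/proc/$pid/comm" ] || return 1
    [ "$(cat "/proc/$pid/comm")" = "$name" ] || return 1

    printf '%s\n' "$pid"
}

# stop_daemon FILE NAME: signal only a PID that passed every check.
stop_daemon() {
    pid=$(trusted_pid "$1" "$2") || {
        echo "refusing to signal: $1 failed validation" >&2
        return 1
    }
    kill "$pid"
}
```

A check like this on the init-script side complements creating the PID file while the daemon is still root; it does not replace it.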