CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-14159

slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, as demonstrated by openldap-initscript.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 31.0%

CVSS Severity

CVSS v3 Score 4.7

CVSS v2 Score 1.9

References

Products affected by CVE-2017-14159

Openldap » Openldap » Version: N/A

cpe:2.3:a:openldap:openldap:-
Openldap » Openldap » Version: 2.0

cpe:2.3:a:openldap:openldap:2.0
Openldap » Openldap » Version: 2.3.29

cpe:2.3:a:openldap:openldap:2.3.29
Openldap » Openldap » Version: 2.4

cpe:2.3:a:openldap:openldap:2.4
Openldap » Openldap » Version: 2.4.10

cpe:2.3:a:openldap:openldap:2.4.10
Openldap » Openldap » Version: 2.4.11

cpe:2.3:a:openldap:openldap:2.4.11
Openldap » Openldap » Version: 2.4.12

cpe:2.3:a:openldap:openldap:2.4.12
Openldap » Openldap » Version: 2.4.13

cpe:2.3:a:openldap:openldap:2.4.13
Openldap » Openldap » Version: 2.4.14

cpe:2.3:a:openldap:openldap:2.4.14
Openldap » Openldap » Version: 2.4.15

cpe:2.3:a:openldap:openldap:2.4.15
Openldap » Openldap » Version: 2.4.16

cpe:2.3:a:openldap:openldap:2.4.16
Openldap » Openldap » Version: 2.4.17

cpe:2.3:a:openldap:openldap:2.4.17
Openldap » Openldap » Version: 2.4.18

cpe:2.3:a:openldap:openldap:2.4.18
Openldap » Openldap » Version: 2.4.19

cpe:2.3:a:openldap:openldap:2.4.19
Openldap » Openldap » Version: 2.4.20

cpe:2.3:a:openldap:openldap:2.4.20
Openldap » Openldap » Version: 2.4.21

cpe:2.3:a:openldap:openldap:2.4.21
Openldap » Openldap » Version: 2.4.22

cpe:2.3:a:openldap:openldap:2.4.22
Openldap » Openldap » Version: 2.4.23

cpe:2.3:a:openldap:openldap:2.4.23
Openldap » Openldap » Version: 2.4.24

cpe:2.3:a:openldap:openldap:2.4.24
Openldap » Openldap » Version: 2.4.25

cpe:2.3:a:openldap:openldap:2.4.25
Openldap » Openldap » Version: 2.4.26

cpe:2.3:a:openldap:openldap:2.4.26
Openldap » Openldap » Version: 2.4.27

cpe:2.3:a:openldap:openldap:2.4.27
Openldap » Openldap » Version: 2.4.28

cpe:2.3:a:openldap:openldap:2.4.28
Openldap » Openldap » Version: 2.4.29

cpe:2.3:a:openldap:openldap:2.4.29
Openldap » Openldap » Version: 2.4.30

cpe:2.3:a:openldap:openldap:2.4.30
Openldap » Openldap » Version: 2.4.31

cpe:2.3:a:openldap:openldap:2.4.31
Openldap » Openldap » Version: 2.4.32

cpe:2.3:a:openldap:openldap:2.4.32
Openldap » Openldap » Version: 2.4.33

cpe:2.3:a:openldap:openldap:2.4.33
Openldap » Openldap » Version: 2.4.34

cpe:2.3:a:openldap:openldap:2.4.34
Openldap » Openldap » Version: 2.4.35

cpe:2.3:a:openldap:openldap:2.4.35
Openldap » Openldap » Version: 2.4.36

cpe:2.3:a:openldap:openldap:2.4.36
Openldap » Openldap » Version: 2.4.37

cpe:2.3:a:openldap:openldap:2.4.37
Openldap » Openldap » Version: 2.4.38

cpe:2.3:a:openldap:openldap:2.4.38
Openldap » Openldap » Version: 2.4.39

cpe:2.3:a:openldap:openldap:2.4.39
Openldap » Openldap » Version: 2.4.40

cpe:2.3:a:openldap:openldap:2.4.40
Openldap » Openldap » Version: 2.4.41

cpe:2.3:a:openldap:openldap:2.4.41
Openldap » Openldap » Version: 2.4.42

cpe:2.3:a:openldap:openldap:2.4.42
Openldap » Openldap » Version: 2.4.43

cpe:2.3:a:openldap:openldap:2.4.43
Openldap » Openldap » Version: 2.4.44

cpe:2.3:a:openldap:openldap:2.4.44
Openldap » Openldap » Version: 2.4.45

cpe:2.3:a:openldap:openldap:2.4.45
Openldap » Openldap » Version: 2.4.6

cpe:2.3:a:openldap:openldap:2.4.6
Openldap » Openldap » Version: 2.4.7

cpe:2.3:a:openldap:openldap:2.4.7
Openldap » Openldap » Version: 2.4.8

cpe:2.3:a:openldap:openldap:2.4.8
Openldap » Openldap » Version: 2.4.9

cpe:2.3:a:openldap:openldap:2.4.9
Oracle » Blockchain Platform » Version: N/A

cpe:2.3:a:oracle:blockchain_platform:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-14159

Products

Pricing

Contact Us