CVE-2017-18225 — HIGH (7.8)

Q: How severe is CVE-2017-18225?

CVE-2017-18225 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2017-18225?

Check the references section above for vendor advisories and patch information. Affected products include: Jabberd2 Jabberd2, Gentoo Linux.

Vulnerability Description

The Gentoo net-im/jabberd2 package through 2.6.1 installs jabberd, jabberd2-c2s, jabberd2-router, jabberd2-s2s, and jabberd2-sm in /usr/bin owned by the jabber account, which might allow local users to gain privileges by leveraging access to this account and then waiting for root to execute one of these programs.

CVSS Score

7.8

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Jabberd2	Jabberd2	<= 2.6.1
Gentoo	Linux	-

Related Weaknesses (CWE)

CWE-732

References

https://bugs.gentoo.org/629412Issue TrackingThird Party Advisory
https://bugs.gentoo.org/629412Issue TrackingThird Party Advisory

FAQ

What is CVE-2017-18225?

CVE-2017-18225 is a vulnerability with a CVSS score of 7.8 (HIGH). The Gentoo net-im/jabberd2 package through 2.6.1 installs jabberd, jabberd2-c2s, jabberd2-router, jabberd2-s2s, and jabberd2-sm in /usr/bin owned by the jabber account, which might allow local users t...

How severe is CVE-2017-18225?

CVE-2017-18225 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-18225?

Check the references section above for vendor advisories and patch information. Affected products include: Jabberd2 Jabberd2, Gentoo Linux.