CVE-2017-2616

Public on 2017-04-27

Modified on 2017-04-27

Description

A race condition was found in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions.

Severity

Medium

See what this means

CVSS v3 Base Score

5.5

See breakdown

Affected Packages

Platform	Package	Release Date	Advisory
Amazon Linux 1	util-linux	2017-04-27 00:00	ALAS-2017-823

CVSS Scores

	Score Type	Score	Vector
Amazon Linux	CVSSv3	5.5	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
NVD	CVSSv2	4.7	AV:L/AC:M/Au:N/C:N/I:N/A:C
NVD	CVSSv3	4.7	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

References

Red Hat: CVE-2017-2616 Mitre: CVE-2017-2616 FAQs regarding Amazon Linux ALAS/CVE Severity