← back
CVE-2017-14159

CVE-2017-14159

EPSS 0.3%
slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, as demonstrated by openldap-initscript.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.oracle.com/security-alerts/cpuapr2022.htmlhttp://www.openldap.org/its/index.cgi?findid=8703