CVE-2017-14610

bareos-dir, bareos-fd, and bareos-sd in bareos-core in Bareos 16.2.6 and earlier create a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command.

packagechannelchannel versionpkg versionstatus
bareos
nixos-18.03
2019-02-20 10:25:14 UTC (cb0e20)15.2.4vulnerable
2019-01-16 18:00:31 UTC (138f2c)15.2.4vulnerable
2018-12-09 06:05:37 UTC (b551f8)15.2.4vulnerable
2018-11-29 21:00:31 UTC (a18112)15.2.4vulnerable
2018-11-28 06:10:25 UTC (9c96d1)15.2.4vulnerable
2018-11-23 12:45:42 UTC (e64482)15.2.4vulnerable
2018-11-20 12:35:27 UTC (947247)15.2.4vulnerable
2018-11-16 21:00:27 UTC (263f7b)15.2.4vulnerable
2018-11-14 10:35:19 UTC (1d8470)15.2.4vulnerable
2018-11-05 13:10:34 UTC (21b7f5)15.2.4vulnerable
2018-11-02 08:50:28 UTC (0e614d)15.2.4vulnerable
2018-10-30 16:25:07 UTC (19fc6d)15.2.4vulnerable
2018-10-30 14:40:31 UTC (6f07d2)15.2.4vulnerable
2018-10-28 11:35:42 UTC (b4e3a4)15.2.4vulnerable
2018-10-15 12:50:34 UTC (5d19e3)15.2.4vulnerable
2018-10-13 20:20:17 UTC (e85e0c)15.2.4vulnerable
2018-10-13 09:40:17 UTC (d592f2)15.2.4vulnerable
2018-10-11 15:15:08 UTC (5a38f7)15.2.4vulnerable
2018-10-09 11:20:30 UTC (c56ede)15.2.4vulnerable
2018-10-05 13:25:12 UTC (862fb5)15.2.4vulnerable
2018-10-05 13:00:32 UTC (c4eddc)15.2.4vulnerable
2018-09-21 06:10:31 UTC (d16a7a)15.2.4vulnerable
2018-09-19 17:10:27 UTC (8edf56)15.2.4vulnerable
2018-09-18 17:55:38 UTC (305f13)15.2.4vulnerable
2018-09-16 07:30:36 UTC (01f5e7)15.2.4vulnerable
2018-09-13 15:30:12 UTC (5f59ab)15.2.4vulnerable
2018-09-08 09:20:09 UTC (45f52f)15.2.4vulnerable
2018-09-02 21:10:32 UTC (8b92a4)15.2.4vulnerable
2018-09-02 14:20:10 UTC (8c172c)15.2.4vulnerable
2018-09-01 13:55:20 UTC (a960b8)15.2.4vulnerable
2018-08-31 04:20:38 UTC (a37638)15.2.4vulnerable
2018-08-29 17:10:10 UTC (edd63e)15.2.4vulnerable
2018-08-24 19:10:30 UTC (fde201)15.2.4vulnerable
2018-08-23 23:50:20 UTC (f094fd)15.2.4vulnerable
2018-08-19 18:15:22 UTC (4df342)15.2.4vulnerable
2018-08-18 23:45:22 UTC (47b68d)15.2.4vulnerable
2018-08-17 21:25:22 UTC (a4e068)15.2.4vulnerable
2018-08-17 14:30:05 UTC (cd0cd9)15.2.4vulnerable
2018-08-16 13:20:15 UTC (c1ef96)15.2.4vulnerable
2018-08-16 08:30:34 UTC (8b4ed6)15.2.4vulnerable
2018-08-15 15:40:37 UTC (5b8a24)15.2.4vulnerable
2018-08-15 05:50:22 UTC (66bd47)15.2.4vulnerable
2018-08-14 17:35:19 UTC (9cbc73)15.2.4vulnerable
2018-08-13 09:25:26 UTC (10b979)15.2.4vulnerable
2018-08-13 03:20:34 UTC (89ff9f)15.2.4vulnerable
2018-08-12 04:35:15 UTC (bfeab2)15.2.4vulnerable
2018-08-12 00:00:33 UTC (190ec7)15.2.4vulnerable
2018-08-10 22:20:22 UTC (e42c07)15.2.4vulnerable
2018-08-10 17:05:22 UTC (2c3f9c)15.2.4vulnerable
2018-08-09 21:05:22 UTC (3af001)15.2.4vulnerable
2018-08-07 05:10:16 UTC (230f98)15.2.4vulnerable
2018-08-03 03:05:12 UTC (d0c868)15.2.4vulnerable
2018-08-02 12:45:41 UTC (18401b)15.2.4vulnerable
2018-08-02 06:10:24 UTC (0e55dd)15.2.4vulnerable
2018-08-01 00:55:32 UTC (a1299c)15.2.4vulnerable
2018-07-31 16:00:28 UTC (b74b1c)15.2.4vulnerable
2018-07-30 09:15:16 UTC (6115f4)15.2.4vulnerable
2018-07-20 17:40:08 UTC (d6c6c7)15.2.4vulnerable
2018-07-12 04:35:08 UTC (411cc5)15.2.4vulnerable
2018-07-10 08:10:12 UTC (aec217)15.2.4vulnerable
2018-07-10 03:15:29 UTC (5e10df)15.2.4vulnerable
2018-07-09 02:40:20 UTC (e930c6)15.2.4vulnerable
2018-07-08 17:55:36 UTC (de7ca4)15.2.4vulnerable
2018-07-08 10:25:33 UTC (298e17)15.2.4vulnerable
2018-07-04 20:00:25 UTC (56fad1)15.2.4vulnerable
2018-06-30 13:55:14 UTC (2f06e0)15.2.4vulnerable
2018-06-29 17:10:06 UTC (0a70d6)15.2.4vulnerable
2018-06-25 10:30:35 UTC (94d80e)15.2.4vulnerable
2018-06-23 08:30:21 UTC (91b286)15.2.4vulnerable
2018-06-21 23:25:24 UTC (68e02f)15.2.4vulnerable
2018-06-17 01:05:39 UTC (14c248)15.2.4vulnerable
2018-06-16 09:40:33 UTC (f3c913)15.2.4vulnerable
2018-06-14 21:57:20 UTC (08d245)15.2.4vulnerable