Privilege Escalation via User-Writable Directory Trees in Gentoo app-admin/logstash-bin Package

Privilege Escalation via User-Writable Directory Trees in Gentoo app-admin/logstash-bin Package

CVE-2017-14730 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

The init script in the Gentoo app-admin/logstash-bin package before 5.5.3 and 5.6.x before 5.6.1 has "chown -R" calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to a $LS_USER account for creation of a hard link.

Learn more about our Cis Benchmark Audit For Debian Family Linux.