Date published: 2017-09-01T01:29:00.250-04:00
Date last modified: 2017-09-08T16:44:57.457-04:00
CVSS Score: 4.6
Principal attack vector: LOCAL
Reference URL: http://lists.roaringpenguin.com/pipermail/mimedefang/2017-August/038077.html
Summary: MIMEDefang 2.80 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a “kill `cat /pathname`” command, as demonstrated by the init-script.in and mimedefang-init.in scripts.
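
A root-run stop routine can guard against the condition in the summary by refusing to signal a PID read from a file that a non-root account could have written, which in turn requires the PID file to be created before privileges are dropped. The sketch below is an added example, not MIMEDefang's code or its actual fix; the function names, `TRUSTED_UID` and the specific checks are assumptions.

```shell
#!/bin/sh
# Added example: validate a PID file before a privileged script signals it.
# TRUSTED_UID (default 0) and all function names are assumptions.

# owned_and_unwritable PATH UID
# Succeeds only if PATH is owned by UID and not group- or world-writable.
owned_and_unwritable() {
    ls -lnd -- "$1" 2>/dev/null | (
        read -r mode _links owner _rest || exit 1
        [ "$owner" = "$2" ] || exit 1
        case $mode in
            ?????w*|????????w*) exit 1 ;;   # group or other write bit set
        esac
        exit 0
    )
}

# read_trusted_pid FILE UID
# Prints the PID only if neither FILE nor its directory could have been
# modified by an account other than UID, and the content is a plain number.
read_trusted_pid() {
    file=$1 uid=$2
    [ -f "$file" ] && [ ! -L "$file" ] || return 1      # regular file, no symlink
    owned_and_unwritable "$file" "$uid" || return 1
    owned_and_unwritable "$(dirname -- "$file")" "$uid" || return 1
    IFS= read -r pid < "$file" || [ -n "$pid" ] || return 1
    case $pid in
        ''|*[!0-9]*) return 1 ;;                        # digits only
    esac
    [ "$pid" -gt 1 ] || return 1                        # never signal PID 0 or 1
    printf '%s\n' "$pid"
}

# stop_daemon FILE
# Replacement for an unchecked "kill `cat /pathname`" in a stop routine.
stop_daemon() {
    pid=$(read_trusted_pid "$1" "${TRUSTED_UID:-0}") || {
        echo "refusing to signal: $1 is not a trusted PID file" >&2
        return 1
    }
    kill "$pid"
}
```

The ownership checks only show that the file's content was written by the trusted account; they do not prove that the PID still belongs to the intended daemon.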