The Gentoo app-admin/collectd package prior to 5.7.2-r1 sets the ownership of PID file directory to the collectd account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script sends a SIGKILL (when the service is stopped).
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
collectd collectd |
||
collectd collectd 5.7.2 |