Vulnerability Details : CVE-2016-20015
In the ebuild package through smokeping-2.7.3-r1 for SmokePing on Gentoo, the initscript allows the smokeping user to gain ownership of any file, allowing for the smokeping user to gain root privileges. There is a race condition involving /var/lib/smokeping and chown.
Exploit prediction scoring system (EPSS) score for CVE-2016-20015
Probability of exploitation activity in the next 30 days: 0.09%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 36 %
CVSS scores for CVE-2016-20015
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5 | HIGH | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.6 | 5.9 | NIST |
References for CVE-2016-20015
- https://bugs.gentoo.org/602652
  602652 – (CVE-2016-20015) net-analyzer/smokeping: root privilege escalation via race condition in init script (Exploit; Issue Tracking; Third Party Advisory)
Products affected by CVE-2016-20015
- cpe:2.3:a:smokeping:smokeping:*:*:*:*:*:*:*:*