{
  "threat_severity" : "Moderate",
  "public_date" : "2017-02-22T00:00:00Z",
  "bugzilla" : {
    "description" : "util-linux: Sending SIGKILL to other processes with root privileges via su",
    "id" : "1418710",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1418710"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-267",
  "details" : [ "A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions.", "A race condition was found in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions." ],
  "acknowledgement" : "Red Hat would like to thank Tobias Stöckmann for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2017-03-21T00:00:00Z",
    "advisory" : "RHSA-2017:0654",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "coreutils-0:8.4-46.el6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2017-04-12T00:00:00Z",
    "advisory" : "RHSA-2017:0907",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "util-linux-0:2.23.2-33.el7_3.2"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Will not fix",
    "package_name" : "coreutils",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "shadow-utils",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "util-linux",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "shadow-utils",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "util-linux-ng",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "coreutils",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "shadow-utils",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2017-2616\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-2616" ],
  "name" : "CVE-2017-2616",
  "csaw" : false
}