CVE-2017-13649

Name of the Vulnerable Software and Affected Versions UnrealIRCd versions 4.0.13 and earlier

Description The issue allows local users to potentially kill arbitrary processes by modifying the PID file, which is created after dropping privileges to a non-root account. This could be exploited if a root script executes a command to kill a process based on the PID file content. However, the vendor notes that there is no common scenario in which a root script would execute this kill command.

Recommendations For UnrealIRCd versions 4.0.13 and earlier, consider restricting access to the PID file to prevent modification by non-root accounts until a fix is available. As a temporary workaround, avoid using root scripts that execute kill commands based on PID file content.